Use cases for LOBSTER Collaborative network monitoring for NREN’s Rutger Coolen, TNC 2005
Agenda • LOBSTER Viewpoints and Actors • Use cases - Approach • 2 example use cases for LOBSTER • Your input • Current Status 2 Rutger Coolen TNC 2005
Viewpoints on LOBSTER • Project viewpoint • LOBSTER is a “Specific Support Action” project under EU FP 6 • Infrastructure viewpoint • The LOBSTER project realises a pilot infrastructure for advanced network monitoring • Community viewpoint • The owners and users of the LOBSTER infrastructure cooperate in a community 3 Rutger Coolen TNC 2005
Overview of the actors • LOBSTER community • LOBSTER primarily aims at NREN’s • and secondarily at ISP’s • Other potential users • Customers of NREN’s and ISP’s, including researchers • Government / policy-makers 4 Rutger Coolen TNC 2005
• LOBSTER Viewpoints and Actors • Use cases - Approach • 2 example use cases for LOBSTER • Your input & Current Status 5 Rutger Coolen TNC 2005
Use Cases • What use-cases are: • Applications of the LOBSTER infrastructure • What use-cases are used for: • To demonstrate the benefits of LOBSTER • To derive requirements for the LOBSTER infrastructure • What use-cases are not: • The (business) case for joining LOBSTER 6 Rutger Coolen TNC 2005
Use Cases Inclusion of LOBSTER characteristics • Beyond state-of-the-art monitoring capabilities • Distributed sensors • Co-operation between NREN’s • Interdomain problems s m ain l p lti Hig h d Spe e • Confidentiality reqs • Privacy legislation • Anonymisation c riva P y Mu do e Ad mo van nit ced or ing • Advanced Hardware • Useful for advanced NREN & GN 2 networks Benefits for users 7 Rutger Coolen TNC 2005
Use Cases Approach USE CASE # < the name is the goal as a short active verb phrase> Goal in Context <a longer statement of the goal in context if needed> Scope & Level <what system is being considered black box under design> Preconditions <what we expect is already the state of the world> Success End Condition <the state of the world upon successful completion> Failed End Condition <the state of the world if goal abandoned> Primary, Secondary Actors <a role name or description for the primary actor, and other systems relied upon to accomplish use case> Trigger <the action upon the system that starts the use case> DESCRIPTION Step Action 1 <put here the steps of the scenario from trigger to goal delivery, and any cleanup afte> 2 <. . . > Step Branching Action 1 a <condition causing branching> : <action or name of sub. use case> EXTENSIONS SUB-VARIATIONS Branching Action 1 <list of variation s> Basic Use-Case Template: Structuring Use-Cases with Goals, Alistair Cockburn • http: //alistair. cockburn. us 8 Rutger Coolen TNC 2005
• LOBSTER Viewpoints and Actors • Use cases - Approach • 2 example use cases for LOBSTER • Your input & Current Status 9 Rutger Coolen TNC 2005
Use Case 1 a - Collaborative Worm Detection 1. On detection of a worm a signature is distributed NREN 2 NREN 1 MP MP MP NREN x CSIRT analysis MP MP MP 10 Rutger Coolen MP Measurement Point, or Monitoring Sensor TNC 2005
Use Case 1 a - Collaborative Worm Detection 2. LOBSTER measurement points collect worm sources Measurement Point Worm list Source Customer 10. 0. 0. 1 Univ. 1 10. 0. 2. 4 R&D. 2 10. 1. 1. 2 Univ. 2 … … copy of traffic 11 Rutger Coolen TNC 2005
Use Case 1 a - Collaborative Worm Detection 3 a. Incident Response Team takes actions (1) Block sources, or route to special web-site 10. 0. 0. 1 10. 0. 2. 4 … Measurement Point (2) E-mail to customers Worm Source IP’s Customer X Access Router for Customers 12 Rutger Coolen TNC 2005
Use Case 1 b - Worm Impact Statistics 3 b. Anonymous data is combined in an overall picture NREN 2 NREN 1 MP MP MP 13 Rutger Coolen MP MP MP Anonymous worm counts NREN 1 Anonymous worm counts NREN 2 TNC 2005
Use Case 2 a – Advanced Services Monitoring 1. Inter- and intradomain call set-up and data-streams NREN 2 NREN 1 n ai -IP om er rd ov te e. In oic V 14 Rutger Coolen NREN x m g do r cin te o n In ide ere V nf Co Intradomain Voice-over-IP TNC 2005
Use Case 2 a – Advanced Services Monitoring 2. A user monitor’s the key parameters NREN 1 NREN 2 Ingress/ egress MP MP MP (Partial) raw data from other NREN 15 Rutger Coolen Intradomain TNC 2005
Use Case 2 a – Advanced Services Monitoring 3. Summary of advanced services parameters NREN 1 NRENx NREN 1 - 1024 calls/day 1. 12 Tb data/day Avg. MOS = 4. 12 NRENx … - NREN 2 NREN 1 MP MP MP 16 Rutger Coolen MP MP MP Advanced Services Summary TNC 2005
Use Cases Overview of primary actors per case Case NREN ISP Customers Policy-makers Security Collaborative Worm Detection (case 1 a) • • • Statistical Worm Impact Statistics (case 1 b) • • Performance measurement Advanced Services Monitoring Quality Measurement (case 2 b) • • • Network Planning Advanced Services Monitoring Traffic overview (case 2 a) 17 Rutger Coolen • TNC 2005
More use cases… • Security incident response • Spyware detection • Denial-of-Service attack: control traffic detection • Backdoor detection • Performance measurement • Delay sensitive grid computing • On-line (educational) games • Network traffic characterisation • Peer-to-peer applications • Services with dynamic ports 18 Rutger Coolen TNC 2005
• LOBSTER Viewpoints and Actors • Use cases - Approach • 2 example use cases for LOBSTER • Your input & Current Status 19 Rutger Coolen TNC 2005
Your Input: questions or remarks • Reaction on use cases • Requirements for the infrastructure or community 20 Rutger Coolen TNC 2005
Current status • Implementation of pilot infrastructure by the LOBSTER consortium • Initial community with Forthnet, Uninett, and Cesnet in 2005 • Establishing relation with Geant 2/ JRA-1 • You are invited to join our efforts and become a pilot user! 21 Rutger Coolen TNC 2005
Thank you 22 Rutger Coolen TNC 2005
Скачать презентацию Use cases for LOBSTER Collaborative network monitoring for
627949d70b4f83fa51c66e6751bcbd09.ppt