CAIDA Releases cflowd Flow Analysis Software to help ISPs Plan Their Networks
For more information, contact:
Tracie Monk, CAIDA, 858-822-0943, email@example.com.
UNIVERSITY OF CALIFORNIA, SAN DIEGO -- The Cooperative Association for Internet Data Analysis (CAIDA) announced today a release of free software to enable Internet Service Provide rs (ISPs) to more effectively monitor traffic operations, conduct capacity planning for their networks, and analyze Internet traffic trends. CAIDA is making key modules of the cflowd v2.0 software package, which logs and analyzes traffic data from network routers, freely available to the public.
"Collection and analysis of basic traffic statistics is fundamental to Internet providers' ability to design and operate their networks," said K.C. Claffy, CAIDA's Chief Technical Officer. "cflowd and related CAIDA tools provide the statistics that network engineers need for architecting network connections, accounting, troubleshooting, and tracing attacks and s ecurity vulnerabilities."
The cflowd software package was developed to collect and analyze flow-export data available from Cisco routers. Extensive changes were made in upgrading cflowd from version 1.3b2 (developed in collaboration with ANS Communications, Inc.) to CAIDA's current version of the software. cflowd now supports version 1 of Netflow in addition t o version 5. Netflow is the flow-export format used by Cisco routers. cflowd version 2.0 receives export packets from the router and stores the data in memory in an effici ent format for lookups. A TCP client program, cfdcollect, collects the data and converts it to the arts++ format.
"Use of cflowd by other networks was somewhat constrained by the absence of data archiving and analysis facilities in the freeware version," said Daniel McRobb, developer o f cflowd. "CAIDA's current public release version of cflowd contains these features and directly addresses requests from networks for increased analysis functionality. We hope this new software will address an important limitation upon ISPs' abilities to manage and architect their networks."
In addition to new tabular formats, cflowd 2.0 can display packets and bits per second, as well as normal packet and byte counters. The software utilizes the arts++ data st orage specification to store flow export data. arts++ is a C++ class library, significantly enhanced from an original ARTS data file format licensed to CAIDA by ANS in early 1998.A user can store flow information and view the data in different ways. cflowd can produce matrices by autonomous system and network, and tables by port number and Internet protocol. With this information, engineers can evaluate traffic flow patterns between nodes on their networks and other networks. Engineers also can analyze traffic by application (for example, Web vs. e-mail vs. streaming audio vs. FTP) as well as by protocol (TCP vs. ICMP vs. DNS, for example). Insights from these types of analyses can help ISPs manage current networks and p lan future network upgrades.
Other areas where cflowd may prove useful include usage tracking for Web hosting, accounting and billing, developing user profiles, and data warehousing and mining. The San Diego Supercomputer Center's Pacific Institute for Computer Security (PICS) is also collaborating with CAIDA on the development of algorithms using cflowd to assist in monitorin g network activity throughout an enclave (e.g. identifying hosts running httpd) and for low-bandwidth scanning activities.
"Our current priorities are to finalize testing and initial deployment of this code," Claffy said. "Then we will focus on developing enhanced analysis and visualization capabiliti es for our members." While cflowd's collection and storage modules will be made publicly available, tools that use XRT/PDS software for plotting and graphing will only be available to C AIDA members.
CAIDA's collaborators on the cflowd project include Cisco, for supporting the development and evolution of flow-export functionality on its routers; ANS, the collaborator o n the original ARTS and cflowd code; and Frontier GlobalCenter, who provided assistance in pre-alpha testing. Other organizations participating in alpha testing of this software include: ANS, MCI, Merit, and Verio.