Author
Benoit Claise
Bio: Benoit Claise is an academic researcher from Cisco Systems, Inc. The author has contributed to research in topics: IP Flow Information Export & The Internet. The author has an h-index of 19, co-authored 63 publications receiving 2607 citations.
Papers
01 Oct 2004
TL;DR: This document specifies the data export format for version 9 of Cisco Systems' NetFlow services, for use by implementations on the network elements and/or matching collector programs.
Abstract: This document specifies the data export format for version 9 of Cisco
Systems' NetFlow services, for use by implementations on the
network elements and/or matching collector programs. The version 9
export format uses templates to provide access to observations of IP
packet flows in a flexible and extensible manner. A template defines a
collection of fields, with corresponding descriptions of structure and
semantics. This memo provides information for the Internet community.
933 citations
01 Jan 2008
TL;DR: This document describes how the IPFIX Data and Template Records are carried over a number of transport protocols from an IPFIX Exporting Process to an IPFIX Collecting Process.
Abstract: This document specifies the IP Flow Information Export (IPFIX)
protocol that serves for transmitting IP Traffic Flow information over
the network. In order to transmit IP Traffic Flow information from an
Exporting Process to an information Collecting Process, a common
representation of flow data and a standard means of communicating them
is required. This document describes how the IPFIX Data and Template
Records are carried over a number of transport protocols from an IPFIX
Exporting Process to an IPFIX Collecting Process. [STANDARDS-TRACK]
549 citations
01 Oct 2004
TL;DR: This memo defines requirements for the export of measured IP flow information out of routers, traffic measurement probes, and middleboxes.
Abstract: This memo defines requirements for the export of measured IP flow
information out of routers, traffic measurement probes, and
middleboxes. This memo provides information for the Internet
community.
240 citations
01 Jan 2008
TL;DR: This memo defines an information model for the IP Flow Information eXport (IPFIX) protocol that is used by the IPFIX protocol for encoding measured traffic information and information related to the traffic Observation Point, the traffic Metering Process, and the Exporting Process.
Abstract: This memo defines an information model for the IP Flow Information
eXport (IPFIX) protocol. It is used by the IPFIX protocol for encoding
measured traffic information and information related to the traffic
Observation Point, the traffic Metering Process, and the Exporting
Process. Although developed for the IPFIX protocol, the model is
defined in an open way that easily allows using it in other protocols,
interfaces, and applications. [STANDARDS-TRACK]
123 citations
01 Mar 2009
TL;DR: This memo defines the IP Flow Information eXport (IPFIX) architecture for the selective monitoring of IP Flows, and for the export of measured IP Flow information from an IPFIX Device to a Collector.
Abstract: This memo defines the IP Flow Information eXport (IPFIX) architecture
for the selective monitoring of IP Flows, and for the export of
measured IP Flow information from an IPFIX Device to a Collector. This
memo provides information for the Internet community.
119 citations
Cited by
17 Aug 2008
TL;DR: This paper shows how to leverage largely commodity Ethernet switches to support the full aggregate bandwidth of clusters consisting of tens of thousands of elements and argues that appropriately architected and interconnected commodity switches may deliver more performance at less cost than available from today's higher-end solutions.
Abstract: Today's data centers may contain tens of thousands of computers with significant aggregate bandwidth requirements. The network architecture typically consists of a tree of routing and switching elements with progressively more specialized and expensive equipment moving up the network hierarchy. Unfortunately, even when deploying the highest-end IP switches/routers, resulting topologies may only support 50% of the aggregate bandwidth available at the edge of the network, while still incurring tremendous cost. Non-uniform bandwidth among data center nodes complicates application design and limits overall system performance. In this paper, we show how to leverage largely commodity Ethernet switches to support the full aggregate bandwidth of clusters consisting of tens of thousands of elements. Similar to how clusters of commodity computers have largely replaced more specialized SMPs and MPPs, we argue that appropriately architected and interconnected commodity switches may deliver more performance at less cost than available from today's higher-end solutions. Our approach requires no modifications to the end host network interface, operating system, or applications; critically, it is fully backward compatible with Ethernet, IP, and TCP.
3,549 citations
TL;DR: The primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Abstract: Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
1,153 citations
19 Sep 2011
TL;DR: Frenetic provides a declarative query language for classifying and aggregating network traffic as well as a functional reactive combinator library for describing high-level packet-forwarding policies, which facilitates modular reasoning and enables code reuse.
Abstract: Modern networks provide a variety of interrelated services including routing, traffic monitoring, load balancing, and access control. Unfortunately, the languages used to program today's networks lack modern features - they are usually defined at the low level of abstraction supplied by the underlying hardware and they fail to provide even rudimentary support for modular programming. As a result, network programs tend to be complicated, error-prone, and difficult to maintain. This paper presents Frenetic, a high-level language for programming distributed collections of network switches. Frenetic provides a declarative query language for classifying and aggregating network traffic as well as a functional reactive combinator library for describing high-level packet-forwarding policies. Unlike prior work in this domain, these constructs are - by design - fully compositional, which facilitates modular reasoning and enables code reuse. This important property is enabled by Frenetic's novel run-time system which manages all of the details related to installing, uninstalling, and querying low-level packet-processing rules on physical switches. Overall, this paper makes three main contributions: (1) We analyze the state-of-the art in languages for programming networks and identify the key limitations; (2) We present a language design that addresses these limitations, using a series of examples to motivate and validate our choices; (3) We describe an implementation of the language and evaluate its performance on several benchmarks.
788 citations
TL;DR: It is concluded that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.
640 citations
01 Jan 2008
TL;DR: This document describes how the IPFIX Data and Template Records are carried over a number of transport protocols from an IPFIX Exporting Process to an IPFIX Collecting Process.
Abstract: This document specifies the IP Flow Information Export (IPFIX)
protocol that serves for transmitting IP Traffic Flow information over
the network. In order to transmit IP Traffic Flow information from an
Exporting Process to an information Collecting Process, a common
representation of flow data and a standard means of communicating them
is required. This document describes how the IPFIX Data and Template
Records are carried over a number of transport protocols from an IPFIX
Exporting Process to an IPFIX Collecting Process. [STANDARDS-TRACK]
549 citations