Traffic monitoring and flow analysis for the campus network

In our well-designed campus network, if the network is suddenly slow, in the teaching time of important data, the response time left to the system administrator is only more than 10 minutes or even a few minutes. Also, the worm's impact on the speed of the network is getting worse, for example, "network Sky" and other mail worms, they cause infected users as long as the internet is non-stop to send e-mail, the virus select the user's personal computer in the random documents attached to the user's address book, through a random address to send mail. Hundreds of such spam messages are queued to be sent out, and some are returned to heap on the server. This has caused a significant congestion in the backbone of the education network, even in the worm-flooded local area network, the paralysis of the incident occurred repeatedly.

Traffic monitoring and flow analysis is an important part of the rationalization of the whole network, it can find the security threat in the shortest time, analyze in the first time, through the traffic analysis to determine the attack, and then issue an early warning, and quickly take measures. How to monitor traffic and limit abnormal traffic on the core network equipment has become a technical issue of concern.

The development of monitoring objects

Connectivity of

Connectivity is also called availability, connectivity, or accessibility, and schools require efficient bandwidth services, and more strictly, the basic capabilities or attributes of network services. For example, the long-distance teaching needs the service such as the broadband connection and the video-on-demand, these must take the network the connection performance as the foundation and the safeguard.

Packet loss rate

The packet loss rate refers to the ratio of the missing IP packet to all IP packets. Many factors can cause packets to be discarded when they are transmitted over the network, such as the size of the packet and the congestion status of the link when the data is sent. The sensitivity of different services to packet loss is different, in multimedia teaching, packet loss is the root cause of image quality reduction and frame breaking.

Delay

A delay defines the time that an IP packet passes through one or more network segments. The delay is composed of two parts, fixed delay and variable delay. The fixed time delay is basically invariable, which is composed of the propagation delay and the transmission delay, and the variable delay is composed of the intermediate router processing delay and the queue waiting delay two parts.

Bandwidth Analysis

Bandwidth is generally divided into bottleneck bandwidth and available bandwidth. Bottleneck bandwidth is the maximum throughput that the network can provide when there is no other background traffic in a path (access). Available bandwidth is the maximum throughput that can be provided to a business if the network path (access) has background traffic.

Protocol analysis

Network traffic for the Protocol division, such as: WEB browsing (HTTP), e-mail (POP3, SMTP, web mail, File download (FTP), instant chat (MSN, QQ, etc.), streaming media (MMS, RTSP) and so on. For different network application protocols for traffic monitoring and analysis, if a certain protocol in a time period of extraordinary consumption of available bandwidth, it is possible that the attack traffic or worm virus appears.

Application of network segment flow analysis

Most schools have different business applications through VLAN to logically isolate, so you can through the flow analysis system for different VLAN for network traffic monitoring.