Friday, September 16, 2016

How MIMIC Simulator creates large flow matrices

Traffic matrices have been around for a long time as detailed in this
article. A cell in the matrix denotes a quantity of traffic flowing from a
source to a destination. Partitioning each of the source and destination
dimensions into interesting subsets allows to draw conclusions about
traffic flowing into and out of those subsets. For example, traffic flowing
into and out of a company network, or along geographic or organizational
boundaries.

With the advent of NetFlow and Cisco's NBAR the 2-dimensional source
IP/destination IP (network traffic) matrices have been extended to add
the application dimension: not only do we know how much traffic flows
between network nodes, but also which kind. For example, we can
quantify how much Youtube traffic flows in and out of the company network
vs. plain web-surfing or shopping.

MIMIC NetFlow Simulator can simulate any flow matrix for network
performance and security monitoring. In a vast sea of normal traffic
flows slight deviations can be added deterministically to test and
demonstrate performance monitoring features or security policies.

For example, MIMIC is being used to shape application traffic for
StealthWatch, Scrutinizer, Intermapper, and even in the on-demand
demo cloud for Cisco's dCloud.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.