CESNET Successfully Contributing to the Development of an Internet Infrastructure for Passive Monitoring
The European project LOBSTER involving specialists from CESNET successfully passed the second annual evaluation performed by independent external experts. LOBSTER is one of the highly focused projects (Specific Support Action), co-financed from the resources of the European Union within the framework research program FP6 in the area of IST (Information Society Technologies). Its objective is to create the means for passive monitoring in multi-gigabit networks and to implement it in the Internet infrastructure in a distributed way.
Network monitoring helps service providers monitor performance characteristics of the traffic in their networks, allowing them to sustain the service level agreed with their customers as well as to optimally utilize the available network capacity. Moreover, network monitoring addresses security requirements through the timely detection of attacks based on unusual network traffic (detection of viruses and worms, of network intrusions, and of DoS, i.e. Denial of Service, attacks). In addition, network monitoring enables an early response to attacks, preventing them from spreading massively over the Internet. Passive monitoring, unlike invasive active monitoring, continuously observes the traffic from outside without increasing the network load, and can measure characteristics of the real user traffic. Even a standard PC with a network interface (an Ethernet adaptor in promiscuous mode) is sufficient to monitor networks up to 1 Gbps. However, higher transfer speeds require specialized tools.
LOBSTER as a successor to the SCAMPI Project
The LOBSTER project (Large Scale Monitoring of Broadband Internet Infrastructure) utilizes a hardware-accelerated platform (COMBO cards, i.e. PCI-based programmable adaptors of Czech origin) for passive monitoring of high-speed networks, developed within the SCAMPI (Scaleable Monitoring Platform for the Internet) and Liberouter projects. The CESNET association has participated in both the SCAMPI and LOBSTER projects together with partners from Belgium, the Netherlands, Norway and Greece.
LOBSTER has extended the functions of SCAMPI for remote monitoring (DiMAPI middleware, the Distributed Monitoring API), setting the ambitious goal of implementing a pilot pan-European infrastructure of monitoring nodes based on the SCAMPI platform. Sensors have been gradually installed in Europe (ten monitoring stations are now in operation in the CESNET2 network). Every sensor receives the complete traffic from a specific monitored link (between switches, routers or firewalls).
To deploy a sensor in a network that would like to join the LOBSTER infrastructure or use the project's results for its own purposes, it is necessary to first install the required software developed within the project (anonymization policy support, communication protocol, traffic measurement daemons). From a hardware point of view, a dedicated PC with decent performance is needed, plus a network adaptor for every monitored link (a common gigabit NIC, a COMBO card or a DAG card). The only software prerequisite is the Linux OS, as the remaining software can be downloaded from the LOBSTER website.
Packet monitoring cannot be performed without ensuring the privacy of users through so-called packet anonymization (e.g. source and destination IP address encryption and data content removal). Last year, CESNET developed a method for hardware packet anonymization at the network and transport layers, implementing the method in an FPGA (Field-Programmable Gate Array) on the COMBO card platform (also developed in the CESNET association). The advantage of having the anonymization done in the monitoring adaptor, in comparison to the classic software solution, is the lower load on the central processor and the higher credibility of the entire anonymization process, as the sensitive data do not leave the monitoring adaptor. Anonymization at higher layers is performed using software functions by authorized users according to their needs. LOBSTER thus provides users with flexible anonymization mechanisms, not a predefined policy.
CESNET is also responsible for the liaison between the LOBSTER project and the GN2 project, which is developing the pan-European multi-gigabit research network GÉANT2. Within this cooperation, CESNET has designed the ABW (Available BandWidth) application, which monitors link capacity utilization and the distribution of data flows per protocol at the transport or application layer.
The 34-month LOBSTER project is practically oriented. To achieve the full potential of the developed pan-European passive monitoring infrastructure, network administrators from the private sector as well as ISPs need to get involved. The success of the project should also be positively influenced by the active participation of SYMANTEC, a leading supplier of Internet security solutions.
The CESNET Association was founded by universities and the Academy of Sciences of the Czech Republic. The Association is currently financed mainly from the resources of the governmental Committee for Research and Education and the resources of the Association members. The Association concentrates on research and development in the area of information and communication technologies as well as on building and developing the national gigabit optical network, CESNET2, designed for research and educational use. Thanks to its research activities and accomplishments, the CESNET Association represents the Czech Republic in the project implementing the pan-European GÉANT2 network and in other international projects.
Press Release, Prague, April 23, 2007