Title :
Large-scale geolocation for NetFlow
Author :
Celeda, Pavel ; Velan, Petr ; Rabek, Martin ; Hofstede, Rick ; Pras, Aiko
Author_Institution :
Inst. of Comput. Sci., Masaryk Univ., Brno, Czech Republic
Abstract :
The importance of IP address geolocation has increased significantly in recent years, due to its applications in business advertisements and security analysis, among others. Current approaches perform geolocation mostly on-demand and in a small-scale fashion. As soon as geolocation needs to be performed in real-time and in high-speed and large-scale networks, these approaches are not scalable anymore. To solve this problem, we propose two approaches to large-scale geolocation. Firstly, we present an exporter-based approach, which adds geolocation data to How records in a way that is transparent to any How collector. Secondly, we present a How collector-based approach, which adds native geolocation to NetFlow data from any How exporter. After presenting prototypes for both approaches, we demonstrate the applicability of large-scale geolocation by means of use cases. Our prototypes have shown to be scalable enough for deployment on the 10 Gbps Internet connection of the Masaryk University.
Keywords :
IP networks; Internet; telecommunication traffic; IP address geolocation; Internet connection; NetFlow; bit rate 10 Gbit/s; business advertisements; collector based geolocation; exporter based geolocation; large-scale geolocation; security analysis; Data analysis; Databases; Educational institutions; Geology; Google; IP networks; Prototypes;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1
