Design And Implementation Of A IPv6 Network Monitoring System Based On Flow Technology

With the rapid development of network, IPv4 address space is more and more insufficient. So those providers that work on Cloud Computing Services is facing severe crisis, because these enterprises may meet all kinds of unexpected emergencies and technical problems in their daily operation of the future, or even can’t accept any new user application. Besides, the development of the Internet makes security problems more and more prominent, and also the new increasing application. Based on the above reasons, IPv6 network can spread rapidly. In order to timely grasp the traffic characteristics of IPv6 network, as well as best allocate IPv6 network bandwidth, schools and enterprises need to timely understand IPv6 network carrying how much business. In this case, IPv6 network monitoring system based on the technology of flow then arises.Flow is a series of data packets with the same attributes that through a particular network observation points. The most common use of flow technology includes Net Flow, s Flow, etc. Commonly, we often define a flow with five tuples(source IP, dest IP, source port, dest port, protocol type). Through the analysis of network flow, can help the network administrator get accurate information of IPv6 network traffic, as well as ensure the normally operate of IPv6 network.This paper is combined with the development of IPv6 network flow monitoring system project. It studies the domestic and foreign development, the implementation, the functional requirements, and the performance requirements of the monitor system. According to the analysis of requirements, this paper completed the design of the receiving, parsing, filtering, aggregating, and aging of IPv6 network log message. The receiving module is mainly aimed at UDP packet reception. It uses the reactor model, task and task communication technology to insert the received message into the message queue. Parsing module includes template message parsing and ordinary sampling parsing. It matches the log fields through defining the XML file format,and puts the matched log loading into the memory, so as to complete the reading of log information. Filtering module is desigened to analysis network, and to avoid useless message impacting on its performance, so we need to develop a filter to discard the logs that we are not care about. Aggregation is the most important part among all of the modules. It includes statistics aggregation and audit aggregation. Statistics aggregation can achieve multi-angle traffic analysis, including interfaces traffic statistics of equipment, host groups traffic statistics and application groups traffic statistics. Audit aggregation makes use of Hash Map combined with Queue to aggregate the logs, thereby helping the administrator find the abnormal information of the network. After aggregation, aging modules export those logs to the the database by setting the timer or water level. Finally, the test results of IPv6 network monitoring system show that the system not only can help customers to acquire 1 minutes flow, application, Top N source host, Top N dest host, Top N session of its interfaces for switch or router, host groups or application groups, also can audit the user’s online behavior, thereby discovering the network bottleneck and preventing network attack.