2015 has been a year full of activities that allowed us to consolidate our tools and thus provide a better service to the community. In 2016 the plan is the following:
100 Gbit
Just as we added support for 40 Gbit to PF_RING in 2015, 2016 will be the year of 100 Gbit. We already support the Accolade and Napatech 100 Gbit NICs in PF_RING, but the plan is to make 100 Gbit a commodity, so as soon as the new Intel Red Rock Canyon adapters become available (we expect them in January or February at the latest) we will support them in PF_RING. This new adapter is very interesting because it supports various speeds (10/25/40/100 Gbit) and integrates an Ethernet switch that we plan/hope to use to offload some tasks to the adapter instead of using the main CPU. In addition to Intel RRC, we are adding support for other 100 Gbit adapters such as the InveaTech 100 Gbit adapters.
nProbe Cento
As happened years ago when moving from 1 Gbit to 10 Gbit, the 100 Gbit challenge does not just mean more speed; it requires a complete redesign of applications. Thanks to innovation in computing and to a mature PF_RING ZC framework, we want to make 100 Gbit and multi-10 Gbit monitoring a commodity. For this reason, next week at the FloCon conference we will present a new version of nProbe named cento, which is able to generate flows at 100 Gbit on a standard Intel-based server. This efficiency has allowed us to handle 10 Gbit of traffic (500k concurrent flows with ingress traffic of 14.88 Mpps) on a single CPU core, which means, for instance, that you can do 40 Gbit NetFlow monitoring using a sub-$1000 Intel E3 server.
Flow monitoring and Security
Last November at the Suricata conference, we demonstrated that PF_RING can successfully accelerate applications such as Suricata, Snort and Bro. As people often want both flow evidence (on 100% of traffic) and an IDS running on selected traffic (e.g. all but encrypted traffic), in cento we have built an engine that does exactly this. This will promote IDS scalability at higher speeds (currently IDSs can hardly handle 10 Gbit) while avoiding unnecessary time spent analysing traffic that is not interesting for an IDS (e.g. YouTube or Netflix traffic).
ntopng
In the current development version of ntopng, we have implemented full Nagios support and nfsen-like filtering (soon we’ll add a post about it). This year we want to integrate ntopng with pfSense for classifying traffic that the firewall can then selectively drop, and to add traffic categorisation (e.g. dividing traffic into categories such as social network, news, business…) so that we can drop/prioritise traffic based not only on application protocols but also on information content. Another area of interest for most of our users is the ability to classify traffic into categories (e.g. social network, sport, chat, …) and decide which users can access which information; this is particularly interesting for schools and children, so that inappropriate content is blocked. In essence, we want to take the ntopng inline capabilities introduced with v2 to the next level to make this tool even more flexible.
Affordable Sensors Everywhere
As our users know, one of the main ntop goals has been to make a commodity of what used to be very expensive. This year we want to combine ntopng/n2disk/nprobe (not all components will be necessary; the minimum is ntopng) to create a simple and user-friendly system able to serve the needs of small networks as well as those of a large enterprise. People should be able to permanently monitor their network activities by building themselves a network sensor based on the ntop software. In the current ntopng git development branch you can already see a preview of the pcap-extraction capability integrated with flow-search stored by ntopng in MySQL.
For those attending the FloCon 2016 conference, we will organise an ntop BoF on Wednesday at 5:30 PM where we will cover this roadmap in more detail.
Stay tuned!