In a few days, Hari will take off, bound for India and SANOG41, taking place from April 29-30 in Mumbai. We are excited to be sponsoring the event for the very first time and can’t wait to meet up with the South Asian network operations and communications services community.
Will we see you there?
Berlin, Germany, March 12, 2024 – Cologne-based internet provider NetCologne has chosen BENOCS to intelligize the network analytics for its IP-network.
With BENOCS’ help, NetCologne plans to optimize their network traffic, saving costs and further increasing satisfaction among their 485,000-strong customer base throughout the Cologne-Bonn-Aachen region in North Rhine Westphalia.
Michael Adams, Network Engineer at NetCologne: “The tool provided by BENOCS gives us an excellent platform for analyzing and optimizing our network traffic. We are constantly seeing an increasing volume of data produced by our customers and digital applications like AI will only support this development in the future. Therefore, we are looking forward to the new insights we will gather. BENOCS has an outstanding support with implementation and customization. Another reason for our choice was the ongoing development.”
Stephan Schroeder, CEO of BENOCS: “We are honored to have NetCologne on board and are excited to witness exactly how they will utilize BENOCS Analytics to optimize their network traffic. We are confident BENOCS is the perfectly fitting solution for such a modern and thriving company.”
Nomios Germany, experts for IT networks and cyber security in the DACH region (Germany, Austria, Switzerland), will help NetCologne to integrate BENOCS Analytics into their network.
“We are very excited to collaborate with NetCologne, as one of the leading regional internet providers, and BENOCS, with their powerful Analytics tool. This project is a great example of our approach to proactively consult our customers and help them with finding the right solutions and integrating these in their existing infrastructure.” (Thorben Schnittger, Account Manager Nomios Germany)
With half a million customer connections, NetCologne is one of the largest regional telecommunications providers in Germany. The company offers private and business customers as well as the housing industry future-proof communication technology via its own high-performance fiber-optic network. With around 30,000 kilometres laid and an annual investment in the double-digit million range, the Cologne-based provider is thus driving digitalisation in the region beyond the urban cities.
In addition to traditional telephony, Internet, mobile communications and TV services, the product range also includes professional IT and data center services for companies.
Nomios Germany, a subsidiary of the Nomios Group, is a leading European provider of cyber security and secure network solutions and services. The company develops, secures and manages digital infrastructures around the globe for companies, service providers, telecommunications companies, hospitals and public sector clients of all sizes. With the help of state-of-the-art solutions and services, Nomios Germany creates the basis for a secure and flourishing digital economy and society. By developing, implementing, operating, maintaining and managing best-of-breed solutions, Nomios Germany enables its customers to drive innovation and value creation by bringing agility and flexibility to organizations. Nomios has the most experienced, loyal and certified pool of experts and maintains strategic partnerships with leading technology providers, including Palo Alto Networks, Juniper Networks, Cisco, Fortinet or F5.
BENOCS GmbH – a spin-off of Deutsche Telekom – is a small company with big plans to revolutionize the way network traffic is managed. Their intelligent and fully automated solutions fit networks of any size and provide ISPs as well as CDNs strategic ways of coping with growing network traffic. With BENOCS Analytics, network operators, transit and wholesale carriers, Hosting and CDNs gain end-to-end visibility of their entire traffic flows. More information at www.benocs.com and on LinkedIn.
From March 5-7, Péter will be in Krakow for Peering Days and is looking forward to catching up with all of you in the Peering community. Reach out to him or us if you’d like to arrange a meeting – or even just have a coffee.
Big news! For the first time ever, BENOCS is a proud sponsor of APRICOT! From February 27 until March 1, we will be in Bangkok, Thailand, with our good friends MarvelTec and can’t wait to find out what’s happening in the APNIC community. Stephan and Hari will on the ground all day every day to answer all your burning questions about BENOCS Analytics.
See you then!
It’s NANOG time! Next week Hari is off to Charlotte, USA, to attend NANOG 90. Get in touch with us or him directly to arrange a meeting to find out about the latest at BENOCS.
Today’s internet revolves more around applications and less around networks. An interesting example of this current application-oriented approach is a global outage this year[1]. Nobody remembers that AS13414 reported a down, however, many people remember that X (formerly Twitter) had slowdowns and outages affecting many international users.
In this context, network players (e.g., ISPs) have been trying for decades to understand how application traffic is delivered to end-users. Existing tools are limited and only DPI (Deep Packet Inspection) has been the dominant technology to provide such insight; however, this faces increasing challenges with encryption and scaling.
In this post, we present a BENOCS implementation of a DNS-based correlation framework, called DNS Flow Analyzer (DFA), to annotate and classify the traffic flows with information about applications (e.g., TikTok, Disney+, AmazonPrime, DAZN) and CDN domains (e.g., fastly.net, akamai.net, cloudfront.net). This novel solution allows network providers to expand their traditional network-oriented view with an application-oriented view.
A few decades ago, content providers were building big data centers to serve different Internet-based applications to end-users. In recent years, however, Content Delivery Networks (CDNs) are being used to convey the increasing demands for online applications (including video, gaming, and social networks). These media contents, riding on the top of the network, are known as Over-The-Top applications (OTT-Applications) and they use globally distributed CDNs for sending their content. Currently, large content providers leverage more than one CDN and CDNs also convey traffic of multiple OTT-Applications.
In order to work efficiently, network operators need better knowledge on how traffic from the CDNs and OTT-Applications is delivered to their end-users. However, they have historically focused on obtaining information only about Autonomous Systems (ASes), transit providers, and peers. This network-oriented approach is not enough to answer one key question: how do OTT-Applications use the different CDN domains to distribute their traffic?
Answering the above question has been a daunting task for network actors. Existing network-focused solutions such as legacy flow tools or DPI are limited in tying traffic information to individual applications. The latter also becomes increasingly inefficient due to encryption and requires a ridiculous amount of hardware, especially working on a large scale.
At BENOCS, we have developed a methodology that includes the analysis, design, and implementation of an application identification system called DNS Flow Analyzer (DFA). DFA annotates and extends the traffic flows with domain name information, so that two new layers are effectively obtained: (i) OTT-Application domain and (ii) CDN domain.
Specifically, we propose a large-scale real-time network data correlation system that uses a set of different data sources (e.g. Netflow, BGP) but mainly it feeds on DNS streams to obtain multi-dimensional traffic information. As a result, we obtain an application-oriented view to identify how a source OTT-Application (e.g. Disney+) is delivering traffic to a network using different CDN domains (e.g., akamai.net, cloudfront.net).
The high-level DFA architecture and entire workflow rely on two developed components:
1.1) Live DNS records are classified in two lists (i) DNS A/4A to map an IP address to a domain name, and (ii) DNS CNAME to map a domain name to another domain name.
1.2) In parallel, live Netflow records are captured at the network ingress interfaces. Each Netflow record contains, among others, timestamp, srcIP, dstIP, bytes, etc.
1.3) DFA looks for the srcIP of a Netflow record in the DNS A/4A list to find the domain name it corresponds to (using getName(IP)). Then, looking at the DNS CNAME list, DFA searches for the previous domain name to find the CNAME it corresponds to (using getName(Name)). The search in the CNAME list continues until no further domain names are found (or a pre-defined loop limit is reached).
2.1) DNS-Netflow data is correlated with BGP to gain more knowledge about the traffic paths (source AS, handover AS, nexthop AS, and destination AS).
2.2) Regarding the CDN domain, getCDN() function uses the first URL in the list of domain names and selects the second-level domain (2LD) and top-level domain (TLD). In case of the latter, this component makes use of the Public Suffix List (PSL) database[2] published by Mozilla.
2.3) This second lookup goes through the list of domain names to obtain an OTT-Application. The getAPP() function uses a URL-APP database to associate a specific domain name or URL to the OTT-Application it belongs to (e.g., dssott.com is for Disney+, pv-cdn.net is for AmazonPrime, etc.). This URL-APP is a customized/curated list that continually evolves as new sources are discovered.
DFA correlates flow and DNS data to see where the network traffic originates. It identifies CDN domains and OTT-Applications within the source AS based on DNS A/CNAME records pairing. This novel and future-proof way to identify applications can be typically used by:
Get in touch with us if you’d like to learn more about DNS Flow Analyzer and see it in action!
It’s happening! Next week we are off to RIPE 87 in the ancient city of Rome. Stephan, Ingmar, Hari and Falk are all looking forward to catching up with and finding out the latest from the networking community. Find out the latest from them about BENOCS Analytics!
Next week we are travelling to…. Berlin! 🥳😆
Péter, Hari, Phillip and our newest team member, Aitor Mendaza-Ormaza, will be travelling all the way across town to the Estrel Convention Center to attend DENOG15.
There Hari will present on the topic of Private Relay services, posing the question “Do they really work?” and giving some insights from an access-network perspective.
Be sure to check it out and say hi to the lads when you see them. 👋
Have a look at the full agenda here: https://lnkd.in/eYSSvS48
Come and meet us at IEEE NFV-SDN next week in Dresden, where Ingmar Poese and Danny A. Lachos will give a demo entitled:
“𝘋𝘕𝘚 𝘍𝘭𝘰𝘸 𝘈𝘯𝘢𝘭𝘺𝘴𝘦𝘳 (𝘋𝘍𝘈): 𝘈 𝘋𝘕𝘚-𝘣𝘢𝘴𝘦𝘥 𝘊𝘰𝘳𝘳𝘦𝘭𝘢𝘵𝘪𝘰𝘯 𝘚𝘺𝘴𝘵𝘦𝘮 𝘵𝘰 𝘊𝘭𝘢𝘴𝘴𝘪𝘧𝘺 𝘊𝘋𝘕 𝘋𝘰𝘮𝘢𝘪𝘯𝘴 𝘢𝘯𝘥 𝘖𝘛𝘛-𝘈𝘱𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴”.
Danny is also part of the Technical Program Committee of the Doctoral Symposium (a co-located event): https://lnkd.in/giHM6fhr
Take a look at the full agenda here: https://lnkd.in/eQp_Upz3
From November 4, Andreas Henning will be in Prague for IETF 118. He’ll be there for the whole week, on November 6 Ingmar Poese and Danny A. Lachos will also join him for the day.
Take a look at the full agenda here: https://lnkd.in/enEDgFGn
