An Annotation Layer for Network Management
George Porter, Randy H. Katz
Overview
  • High speed links, distributed services, can't
    modify routers
  • Lack of visibility
  • But, need for more visibility and control
  • Increased number and complexity of network
    services
  • Unexpected traffic patterns
      • Legitimate: new apps, flash traffic
      • Illegitimate: worms, viruses, misconfiguration
        (Mextreme)
  • Complex traffic/server interactions
  • Need to protect good traffic in this environment

A-Layer Network Management Principles
  • Network-wide visibility despite
    surges/overload/high loss rates
  • Low overhead
  • Path statistics gathering
  • Some protocol visibility (TCP, IP, services like
    DNS, NFS)
  • Need to discover
      • Changes to request-reply rate, completions,
        latency over time
      • Correlations between different flows, protocols,
        parts of the network
  • New policies (Actions)
      • For experimental intervention (root cause
        discovery)
      • To protect good traffic
      • BW shaping, blocking, scheduling, fencing,
        selective drop
  • Security
      • Against non-operators using this infrastructure
      • Against DoS attacks

Motivating Example
  • Problem
      • Users in the access tier complain of slow web
        access, can't mount files, and "DNS operation
        timed out" messages
  • Network Management Approach
      • Is the problem isolated to one client? To one
        service?
      • Tools to discover the problem, e.g., correlation
        between SMTP traffic from ISP ingress and
        excessive load on name service
      • Experimental intervention to confirm
        relationship
      • Ability to add new policy for redirection and
        request throttling

[Network diagram; labels: DNS, FTP, NFS, Web, SMTP, ISP Ingress, Server tier, R, IS, IC, II]

Observations
  • Network topology, link dynamics, traffic volume
  • Standard protocols (TCP, UDP), standard services
    (NFS, DNS), rates, request/response completion
    rate, latency, RTT, network load
  • Sources/sinks of traffic, inside-vs-outside

Actions
  • Alerting operators
      • SNMP traps when anomalous amount of traffic seen
      • Acts as distributed monitoring system for path-
        and session statistics
  • Experimental intervention
      • Ability to affect unknown traffic and test
        result on good traffic
  • Traffic management
      • BW shaping, policing, fencing, selective drop,
        scheduling, prioritization, network-level
        redirection

Analysis
  • Network statistics
      • Flow rates, protocol mixtures, top-talkers
        graph, network hotspots
  • Correlations
      • Surge in one type of traffic correlated with
        drop in another
      • Relationship between good network services and
        unknown traffic
  • Unusual behavior (change in mean)
      • Is a network service seeing unusually low or
        high number of requests?

A-Layer Piggybacking
  • Need for network-wide visibility despite traffic
    surges and network stress
  • We encode annotations that are removable and do
    not reach end hosts
  • These annotations are embedded in the flows they
    describe, saving overhead and router resources
  • Annotations result in path-wide context
    accompanying packets along their network path to
    other iBoxes where it is needed

Research Challenges And Opportunities
  • The A-Layer can enable a distributed,
    network-wide observation platform
      • This enables statistics gathering, correlation
        discovery, path- and session statistics gathering
  • iBoxes can utilize the A-Layer for experimental
    intervention and new policy implementation
      • Through network-level actions such as bandwidth
        shaping and fencing
      • Hope is to protect good traffic during periods
        of network stress

Annotation Structure and Security
  • We can leverage IPsec standards to distribute
    shared secrets to each iBox
  • For authenticating annotations, we can rely on
    an HMAC message authentication field
  • Annotations are stackable
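
The sketch below is an added example, not code from the poster or its authors: it shows how stackable, removable annotations could each carry their own HMAC field so that an iBox rejects annotations injected by non-operators. The wire layout, the bottom-of-stack flag, the truncated tag length, the iBox ids and the key table are all assumptions; the shared secrets are taken as already distributed (the poster proposes IPsec mechanisms for that).

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!HBB")   # iBox id, flags, body length (assumed layout)
BOTTOM = 0x01                 # flag: last annotation before the original packet
TAG_LEN = 16                  # HMAC-SHA256 truncated to 16 bytes (assumed)

def _tag(key: bytes, covered: bytes) -> bytes:
    return hmac.new(key, covered, hashlib.sha256).digest()[:TAG_LEN]

def push(data: bytes, ibox_id: int, body: bytes, key: bytes,
         bottom: bool = False) -> bytes:
    """Stack one annotation in front of `data`. The tag covers this
    annotation and everything beneath it, so it cannot be cut from one
    packet and pasted onto another."""
    hdr = HDR.pack(ibox_id, BOTTOM if bottom else 0, len(body))
    return hdr + body + _tag(key, hdr + body + data) + data

def strip(data: bytes, keys: dict) -> tuple:
    """Verify and remove every annotation, as the last iBox before an end
    host would. Returns ([(ibox_id, body), ...], packet), outermost first.
    Raises ValueError on truncation, an unknown iBox or a bad tag."""
    notes = []
    while True:
        if len(data) < HDR.size:
            raise ValueError("truncated annotation header")
        ibox_id, flags, blen = HDR.unpack_from(data)
        end = HDR.size + blen
        if len(data) < end + TAG_LEN:
            raise ValueError("truncated annotation")
        tag, rest = data[end:end + TAG_LEN], data[end + TAG_LEN:]
        key = keys.get(ibox_id)
        if key is None:
            raise ValueError(f"no shared secret for iBox {ibox_id}")
        if not hmac.compare_digest(tag, _tag(key, data[:end] + rest)):
            raise ValueError(f"bad HMAC on annotation from iBox {ibox_id}")
        notes.append((ibox_id, data[HDR.size:end]))
        data = rest
        if flags & BOTTOM:
            return notes, data

if __name__ == "__main__":
    keys = {1: b"secret-ibox-1", 2: b"secret-ibox-2"}   # constructed secrets
    pkt = b"constructed DNS query bytes"                # constructed packet
    pkt = push(pkt, 1, b"ingress=isp", keys[1], bottom=True)
    pkt = push(pkt, 2, b"dns_load=high", keys[2])
    print(strip(pkt, keys))
```

Whether a packet carries an annotation stack at all has to be signalled outside this format (for example in the encapsulating header), which the sketch leaves out.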