An Annotation Layer for Network Management

1
An Annotation Layer for Network Management
George Porter, Randy H. Katz
A-Layer Network Management Principles
Overview
Motivating Example
DNS

• High speed links, distributed services, cant
  modify routers
• Lack of visibility
• But, need for more visibility and control
• Increased number and complexity of network
  services
• Unexpected Traffic Patterns
• Legitimate new apps, flash traffic
• Illegitimate worms, viruses, misconfiguration
  (Mextreme)
• Complex traffic/server interactions
• Need to protect good traffic in this environment

FTP
NFS
R
R
Web
IS
IC

• Network-wide visibility despite
  surges/overload/high loss rates
• Low overhead
• Path statistics gathering
• Some protocol visibility (TCP, IP, Services like
  DNS, NFS)
• Need to discover
• Changes to request-reply rate, completions,
  latency over time
• Correlations between different flows, protocols,
  parts of the network

• New policies (Actions)
• For experimental intervention (root cause
  discovery)
• To protect good traffic
• BW shaping, blocking, scheduling, fencing,
  selective drop
• Security
• Against non-operators using this infrastructure
• Against DoS attacks

SMTP
DNS
DNS
ISP Ingress
Server tier
R
II

• Problem
• Users in the access tier complain of slow web
  access, cant mount files, and DNS operation
  timed out messages
• Network Management Approach
• Is the problem isolated to one client? To one
  service?
• Tools to discover problem e.g., correlation
  between SMTP traffic from ISP ingress and
  excessive load on name service
• Experimental intervention to confirm
  relationship
• Ability to add new policy for redirection and
  request throttling

Observations

• Network topology, link dynamics, traffic volume
• Standard protocols (TCP, UDP), standard services
  (NFS, DNS), rates, request/response completion
  rate, latency, RTT, network load
• Sources/sinks of traffic, inside-vs-outside

Actions
Analysis

• Alerting operators
• SNMP traps when anomalous amount of traffic seen
• Acts as distributed monitoring system for path-
  and session statistics
• Experimental intervention
• Ability to affect unknown traffic and test
  result on good traffic
• Traffic management
• BW shaping, policing, fencing, selective drop,
  scheduling, prioritization, network-level
  redirection

• Network statisics
• Flow rates, protocol mixtures, top-talkers
  graph, network hotspots
• Correlations
• Surge in one type of traffic correlated with
  drop in another
• Relationship between good network services and
  unknown traffic
• Unusual behavior (change in mean)
• Is a network service seeing unusually low or
  high number of requests?

Research Challenges And Opportunities
A-Layer Piggybacking
Annotation Structure and Security

• Need for network-wide visibility despite traffic
  surges and network stress
• We encode annotations that are removable and do
  not reach endhosts
• These annotations are embedded in the flows they
  describe, saving overhead and router resources
• Annotations result in path-wide context
  accompanying packets along their network path to
  other iBoxes where it is needed

• The A-Layer can enable a distributed,
  network-wide observation platform
• This enables statistics gathering, correlation
  discovery, path- and session statistic gathering
• iBoxes can utilize the A-Layer for experimental
  intervention and new policy implementation
• Through network-level actions such as bandwidth
  shaping and fencing
• Hope is to protect good traffic during periods
  of network stress

• We can leverage IPsec standards to distribute
  shared secrets to each iBox
• For authenticating annotations, we can rely on
  an HMAC message authentication field
• Annotations are stackable