
An Annotation Layer for Network Management


Presentation Transcript


An Annotation Layer for Network Management
George Porter, Randy H. Katz

[Figure: network diagram. Labels: Client, Dist Tier, Server tier, ISP Ingress, iBox, A-Layer, anno: X; services DNS, FTP, NFS, Web, SMTP]

Overview
• High speed links, distributed services, can’t modify routers
• Lack of visibility
• But, need for more visibility and control
• Increased number and complexity of network services
• Unexpected Traffic Patterns
  • Legitimate: new apps, flash traffic
  • Illegitimate: worms, viruses, misconfiguration (Mextreme)
• Complex traffic/server interactions
• Need to protect good traffic in this environment

Network Management Principles
• Network-wide visibility despite surges/overload/high loss rates
• Low overhead
• Path statistics gathering
• Some protocol visibility (TCP, IP, Services like DNS, NFS)
• Need to discover
  • Changes to request-reply rate, completions, latency over time
  • Correlations between different flows, protocols, parts of the network
• New policies (Actions)
  • For experimental intervention (root cause discovery)
  • To protect good traffic
  • BW shaping, blocking, scheduling, fencing, selective drop
• Security
  • Against non-operators using this infrastructure
  • Against DoS attacks

Motivating Example
• Problem:
  • Users in the access tier complain of slow web access, can’t mount files, and “DNS operation timed out messages”
• Network Management Approach:
  • Is the problem isolated to one client? To one service?
  • Tools to discover problem: e.g., correlation between SMTP traffic from ISP ingress and excessive load on name service
  • Experimental intervention to confirm relationship
  • Ability to add new policy for redirection and request throttling

Observations
• Network topology, link dynamics, traffic volume
• Standard protocols (TCP, UDP), standard services (NFS, DNS), rates, request/response completion rate, latency, RTT, network load
• Sources/sinks of traffic, inside-vs-outside

Actions
• Alerting operators
  • SNMP traps when anomalous amount of traffic seen
  • Acts as distributed monitoring system for path- and session statistics
• Experimental intervention
  • Ability to affect unknown traffic and test result on good traffic
• Traffic management
  • BW shaping, policing, fencing, selective drop, scheduling, prioritization, network-level redirection

Analysis
• Network statistics:
  • Flow rates, protocol mixtures, top-talkers graph, “network hotspots”
• Correlations:
  • Surge in one type of traffic correlated with drop in another
  • Relationship between “good” network services and “unknown” traffic
• Unusual behavior (change in mean)
  • Is a network service seeing unusually low or high number of requests?

A-Layer Piggybacking
• Need for network-wide visibility despite traffic surges and network stress
• We encode annotations that are removable and do not reach endhosts
• These annotations are embedded in the flows they describe, saving overhead and router resources
• Annotations result in path-wide context accompanying packets along their network path to other iBoxes where it is needed

Research Challenges And Opportunities
• The A-Layer can enable a distributed, network-wide observation platform
  • This enables statistics gathering, correlation discovery, path- and session statistic gathering
• iBoxes can utilize the A-Layer for experimental intervention and new policy implementation
  • Through network-level actions such as bandwidth shaping and fencing
  • Hope is to protect good traffic during periods of network stress

Annotation Structure and Security
• We can leverage IPsec standards to distribute shared secrets to each iBox
• For authenticating annotations, we can rely on an HMAC message authentication field
• Annotations are stackable
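
The annotation properties listed above (stackable, authenticated with an HMAC field under a per-iBox shared secret, removed before the end host) can be sketched as follows. This is an added example, not code from the poster or its authors; the poster gives no wire format, so the frame layout, field sizes, key values and function names are all assumptions.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BH")  # assumed annotation header: iBox id, body length
TAG_LEN = 16                # assumed: HMAC-SHA256 truncated to 16 bytes
# Constructed keys, standing in for the shared secrets distributed to each iBox.
KEYS = {1: b"constructed-key-ibox-1", 2: b"constructed-key-ibox-2"}

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def push(frame, ibox_id, body, key):
    """Stack one annotation. Assumed frame: depth byte | annotations | payload."""
    if not frame or frame[0] == 255:
        raise ValueError("missing depth byte or annotation stack full")
    head = bytes([frame[0] + 1]) + HDR.pack(ibox_id, len(body)) + body
    # The tag covers the new depth, this annotation and everything beneath it.
    return head + _tag(key, head + frame[1:]) + frame[1:]

def pop(frame, keys):
    """Authenticate and remove the top annotation: (ibox_id, body, new_frame)."""
    if len(frame) < 1 + HDR.size + TAG_LEN or frame[0] == 0:
        raise ValueError("no annotation to pop")
    ibox_id, n = HDR.unpack_from(frame, 1)
    end = 1 + HDR.size + n
    if len(frame) < end + TAG_LEN:
        raise ValueError("truncated annotation")
    tag, inner = frame[end:end + TAG_LEN], frame[end + TAG_LEN:]
    key = keys.get(ibox_id)
    if key is None or not hmac.compare_digest(tag, _tag(key, frame[:end] + inner)):
        raise ValueError("annotation failed authentication")
    return ibox_id, frame[1 + HDR.size:end], bytes([frame[0] - 1]) + inner

def strip_all(frame, keys):
    """Last iBox on the path: remove every annotation before the end host."""
    notes = []
    while frame[:1] != b"\x00":
        ibox_id, body, frame = pop(frame, keys)
        notes.append((ibox_id, body))
    return notes, frame[1:]

if __name__ == "__main__":
    frame = b"\x00" + b"DNS query bytes"               # constructed payload
    frame = push(frame, 1, b"rtt_ms=12", KEYS[1])      # first iBox annotates
    frame = push(frame, 2, b"dns_load=high", KEYS[2])  # second iBox stacks on top
    print(strip_all(frame, KEYS))
```

Because each tag covers everything beneath it, a modified payload or a forged lower annotation fails verification at the next iBox that pops the stack.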
