SONATA: Scalable Streaming Analytics for Network Monitoring

Slides:

Advertisements

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Advertisements

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)

Challenges in Making Tomography Practical

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

Network Security Highlights Nick Feamster Georgia Tech.

The Platform as a Service Model for Networking Eric Keller, Jennifer Rexford Princeton University INM/WREN 2010.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.

New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.

SDX: A Software-Defined Internet Exchange

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Trafﬁc engineering – Identify large traffic aggregates, traffic changes.

USING PACKET HISTORIES TO TROUBLESHOOT NETWORKS Presented by: Yi Gao Emnets Seminar

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

Chapter 10: Stream-based Data Management Title: Design, Implementation, and Evaluation of the Linear Road Benchmark on the Stream Processing Core Authors:

Microprocessors Introduction to ia64 Architecture Jan 31st, 2002 General Principles.

1 Different Strokes for Different Folks (Or, How I Learned to Stop Worrying and Love Virtualization) Jennifer Rexford, Princeton University Joint work.

A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University

Backbone Support for Host Mobility: A Joint ORBIT/VINI Experiment Jennifer Rexford Princeton University Joint work with the ORBIT team (Rutgers) and Andy.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Module 1: Reviewing the Suite of TCP/IP Protocols.

Virtualized FPGA accelerators in Cloud Computing Systems

Software-Defined Networks Jennifer Rexford Princeton University.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.

Dynamic Reconfiguration Dynamic selection of handler functionality: currently through use of parameterizable handlers or by selecting from a set of existing.

1 Liquid Software Larry Peterson Princeton University John Hartman University of Arizona

Networking Functions of windows NT Sever

Time Parallel Simulations II ATM Multiplexers and G/G/1 Queues.

Cisco S2 C4 Router Components. Configure a Router You can configure a router from –from the console terminal (a computer connected to the router –through.

SDN Dev Group, Week 3 Aaron GemberAditya Akella University of Wisconsin-Madison 1 Floodlight Controller; Application Wishlist.

MapReduce Kristof Bamps Wouter Deroey. Outline Problem overview MapReduce o overview o implementation o refinements o conclusion.

Integrating Scale Out and Fault Tolerance in Stream Processing using Operator State Management Author: Raul Castro Fernandez, Matteo Migliavacca, et al.

SDX: A Software-Defined Internet eXchange Jennifer Rexford Princeton University

13 May 2004EB/TB Middleware meeting Use of R-GMA in BOSS for CMS Peter Hobson & Henry Nebrensky Brunel University, UK Some slides stolen from various talks.

INNOV-10 Progress® Event Engine™ Technical Overview Prashant Thumma Principal Software Engineer.

Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.

Network Computing Laboratory A programming framework for Stream Synthesizing Service.

Standards Activities on Traffic Measurement. 2 Outline Applications requiring traffic measurement Packet capturing and flow measurement Existing protocols.

CS 351/ IT 351 Modeling and Simulation Technologies HPC Architectures Dr. Jim Holten.

Reconfigurable Communication Interface Between FASTER and RTSim Dec0907.

DataLines a framework for building steaming data applications Mike Haberman Senior Software/Network Engineer

(re)-Architecting cloud applications on the windows Azure platform CLAEYS Kurt Technology Solution Professional Microsoft EMEA.

ISDX: An Industrial-Scale Software-Defined IXP Arpit Gupta Princeton University Robert MacDavid, Rüdiger Birkner, Marco Canini,

COMP7330/7336 Advanced Parallel and Distributed Computing MapReduce - Introduction Dr. Xiao Qin Auburn University

Fermilab Scientific Computing Division Fermi National Accelerator Laboratory, Batavia, Illinois, USA. Off-the-Shelf Hardware and Software DAQ Performance.

IncApprox The marriage of incremental and approximate computing Pramod Bhatotia Dhanya Krishnan, Do Le Quoc, Christof Fetzer, Rodrigo Rodrigues* (TU Dresden.

Road to SDN Review the main features of SDN

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 12: Planning and Implementing Server Availability and Scalability.

Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

Jennifer Rexford Princeton University

Streaming Analytics & CEP Two sides of the same coin?

A registry for IPPM metrics

Parallel Databases.

Applying Control Theory to Stream Processing Systems

The Client/Server Database Environment

© 2002, Cisco Systems, Inc. All rights reserved.

SONATA: Query-Driven Network Telemetry

Flexible and Scalable Systems for Network Management

Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

Sonata Query-driven Streaming Network Telemetry

Enabling Innovation Inside the Network

Data Path through host/ANP.

Chapter 10 IGMP Prof. Choong Seon HONG.

Sonata: Query-Driven Streaming Network Telemetry

Lu Tang , Qun Huang, Patrick P. C. Lee

Intrusion Detection Systems

Elmo Muhammad Shahbaz Lalith Suresh, Jennifer Rexford, Nick Feamster,

Alex Karcher 5 tips for production ready Azure Functions

Presentation transcript:

SONATA: Scalable Streaming Analytics for Network Monitoring Arpit Gupta Princeton University Ankita Pawar, Rob Harrison, Rüdiger Birkner, Marco Canini, Nick Feamster, Jennifer Rexford, Walter Willinger ]

Conventional Network Monitoring Compute Store Monitoring Queries NetFlow, sFlow, SNMP, etc. Monitoring Sensor

Problems with Status Quo Flexibility: Low-level (3rd party/platform-specific) APIs for monitoring queries Brittle setup---hard to maintain existing queries or add new ones

Problems with Status Quo Flexibility: Low-level (3rd party/platform-specific) APIs for monitoring queries Brittle setup---hard to maintain existing queries or add new ones Scalability: As Traffic Volume or # Monitoring Queries increases Hard to answer queries in real-time Hard to transport data from monitoring sensor Not suited for large networks running real-time monitoring queries

Stream Processors to the Rescue! Monitoring Queries Runtime Stream Processor Packet Tuples Monitoring Sensor

Empower Network Operators! Changing Status Quo Flexibility: Express Map/Reduce queries for packet tuples Not tied to low-level (3rd party/platform-specific) APIs Adding new queries is straightforward Empower Network Operators!

Is it Scalable? Use Case: Reflection Attack Monitoring Query Detect hosts for which # of unique source IPs sending UDP response messages exceeds threshold Use two hour IPFIX data trace from a large IXP Cost: Packet Processing: requires processing 220 M tuples per second Provides flexibility, but scalability is still a challenge for just one query

Idea 1: Query Partitioning Observation: Data Plane can process packets at line rate How it works? Map/reduce operations in data plane, filter, sample operations for OF-based data plane map, reduce, filter, join, sample operations for P4-based data plane Trade-off: Trades packet processing cost with additional state in the data plane

Programmable Data Plane Query Partitioning in Action Monitoring Queries Runtime Stream Processor Packet Tuples Data Plane Configurations Programmable Data Plane Runtime Partitions Monitoring Queries

How can we strike a balance between the two costs? Is it Scalable? Use Case: Reflection Attack Monitoring Query Detect hosts for which # of unique source IPs sending UDP response messages exceeds threshold Use two hour IPFIX data trace from a large IXP Costs: Packet Processing: 220 M  ~10 tuples per second Data Plane State: requires maintaining ~1 B entries in the data plane How can we strike a balance between the two costs?

Idea 2: Iterative Refinement Observation: Small fraction of traffic satisfies monitoring queries How it works: Augment operators’ query to observe at coarser level Iteratively (over successive window intervals) zoom-in to filter out uninteresting traffic Trade-off: Reduces packet processing & data plane state cost Introduces additional detection delay cost

Iterative Refinement in Action Monitoring Queries Runtime Stream Processor Packet Tuples Data Plane Configurations Programmable Data Plane Stream Processor’s output used by Runtime to refine queries

Is it Scalable? Use Case: Reflection Attack Monitoring Query Detect hosts for which # of unique source IPs sending UDP response messages exceeds threshold Use two hour IPFIX data trace from a large IXP Costs: Packet Processing: ~220 M  ~5 K tuples per second Data Plane State: ~1 B  ~12 K entries Detection Delay: 2 additional window intervals Trades pkt processing & data plane state costs for additional detection delay

SONATA Scalable Streaming Analytics Platform for Network Monitoring Application Interface Express queries w/o worrying about where and how it will be executed Runtime Iteratively refines and partitions each input query Data Plane & Streaming Managers Compile SONATA queries to target-specific configurations/queries

Application Interface Programmable Data Plane SONATA Architecture SONATA Queries Application Interface Q1 Q2 QN Refinement Output Tuples Runtime Partition Queries Queries Data Plane Manager Streaming Manager Config Queries Packets Input Tuples Stream Processor Programmable Data Plane

Changing Status Quo Flexibility: Scalability: Express Map/Reduce queries over packet tuples Don’t worry how or where the query is executed Adding new queries and platforms is trivial Scalability: Answers hundreds of queries in real-time for traffic volume as high as few Tb/s Strikes a balance between available resources, i.e. packets processed by the stream processor state required in the data plane

Summary SONATA makes it easier to express and scale network monitoring queries using Programmable Data Plane Scalable Stream Processor Running Code Github: github.com/Sonata-Princeton/SONATA-DEV Run test queries or express new ones Your Network Monitoring Queries?