NetSearch: Googling Large-scale Network Management Data GROUP 2 MEMBERS SAMUEL LAWER WENBO HAN HUAN YAN PEI YAN SHREY YADAV SHUAI YU SHINE PANDITA

OUTLINE  Introduction  Overview and Syntax of Data Sets  Netsearch Methodology  Evaluation  Application  Relation to FCAPS  Conclusion

Introduction What is Netsearch?  It is a search and information retrieval tool design to work on network measurement and monitoring data sets.

Overview and Syntax of Data Sets  LOGS  An example is a router syslog which captures information about network conditions and the hardware component involved such as link and protocol state, high voltage or temperature etc.

Overview and Syntax of Data Sets  Device alarms  In many cases, layer-1 alarms indicate the root causes of upper layer issues. This is an example of layer 1 alarms.  Some network devices generate alarms when certain events occur. Data from here usually contains time and location information. An example is SONET alarms.

Overview and Syntax of Data Sets  Control Plane Monitoring.  Control plane refers to the learning of routes by routers. For better network performance we monitor the exchanges of information between routing protocols.

Netsearch Methodology  The goal of Netsearch is to sort through large amounts of network information and return the relevant ones to the network operator.  Configuration Learning  Location Extraction  Indexing and Searching  Query Interpretation

Netsearch Methodology

Config Learning  Based on configuration files of each router, Netsearch can form location dictionary and location hierarchy.  location dictionary: extract location information embedded in network messages. Netseach can also understand the syntax or format of locations.  location hierarchy contains two parts physical hierarchy and logical hierarchy.

Netsearch Methodology Netsearch uses the physical hierarchy to build the Indexing and searching algorithm. One to Many One router can have multiple slots One slot can have many ports

Location Extraction  Based on router configuration  Based on message context  Based on domain knowledge A hybrid method combination of the three Netsearch Methodology

Indexing and Searching  Contains 3 parts information: Time/location/other description(optional)  Involves Temporal indexing and Spatial indexing.  Relevant iff their positions in the location hierarchy tree are either the same or one is the other’s ancestor Example interfaces and messages.

Query Interpretation  There are two options provided for the flexibility of location query 1. Specify the type: interface XXX or ID XXX 2. If no specification; mapping from signature to location digits(D)/alphabetic characters(A)/others(O) Example: SERIAL2/0.7/11: AAAAAAADODODODDOD Netsearch Methodology

Evaluation  Evaluation of Netsearch was done using the 3 network data set ( Syslog, OSPF and SONET ) to evaluate the 3 main components of Netsearch, ie, location extraction, indexing and searching, and query interpretation.  Performed on a tier 1 ISP for a month.

Evaluation  Location Extraction

Evaluation  Indexing and Searching

Evaluation  Query Interpretation

Application  Important use of Netsearch is to assist network operators in analyzing the impact of a network event.  Network operator of the tier 1 ISP noticed that port 1/1/1 on router R1 was unstable.

Application

 Using grep (global regular expression print) to capture and analyze is a complicated task and is time consuming.  Netsearch provides the related set of messages within minutes

Relation to FCAPS  Increase the efficiency to obtain the relevant messages (P)

Conclusion  Netsearch tool has been developed to sort through a wide range of network data such as those for large tier 1 ISPs.  Acts as the “google” for network analysis.  Search and indexing involves spatial and temporal information.

THANK YOU