Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gigascope A stream database for network monitoring

Published by妆 廖 Modified over 7 years ago

Similar presentations

Presentation on theme: "Gigascope A stream database for network monitoring"— Presentation transcript:

1 Gigascope A stream database for network monitoring
Chuck Cranor Yuan Gao Theodore Johnson Vladislav Shkapenyuk Oliver Spatscheck AT&T Labs - Research

2 Fast and Flexible Network Monitoring
High speed Monitor Gigabit Ethernet with a low loss rate Flexible SQL-like language to express monitoring queries Simple C-language interface for applications Perl interface Applications Network debugging Protocol debugging Network security Ad-hoc applications

3 Architecture HFTA : high level query node LFTA : low level query node
Clearing house : data stream manager Perl Appl’n C/C++ Appl’n C/C++ and Perl host libraries HFTAs and applications subscribe to data streams at the clearing house. HFTAs also register data streams. HFTA HFTA Firmware interface PCAP library LFTAs FTA registry Clearing house The clearing house manages data streams and registers the queries and schemas of data stream producers LFTAs can run either in the clearing house, or in the Network Interface Card (NIC) supported by a NIC RTS Standard device driver G’scope device driver LFTAs NIC NIC NIC RTS

4 Query Language Gigascope queries are written in GSQL Similar to SQL
Support for stream database queries Stream fields can have ordering properties Deduce when aggregates are closed and can be flushed to the output stream Currently limited to selection and aggregation Stream merge and stream join in the works. Query traffic_count.gsql: Schema of output stream: Select timebucket, sourceIP, destIP, source_port,dest_port, SUM(length) From TCP Where protocol=6 and (source_port=80 or dest_port=80) Group by time/5 as timebucket, sourceIP, destIP, source_port,dest_port STREAM traffic_count { UINT timebucket ( INCREASING ) ; UINT sourceIP UINT destIP ; UINT source_port ; UINT dest_port ; UINT SUM_length ; }

5 Query Architecture GSQL queries are translated into C or C++ code
LFTAs : translated into C code, interface with a Run Time System (RTS) HFTAs : translated into C++ code, using templatized push-based operators Self-documenting executables Generated code contains the defining query and the schema of the output stream GSQL queries can read from a network packet stream, or from the output of a GSQL query Queries that read packets from the network become LFTAs LFTA queries are tightly resource constrained Intended for execution in the kernel or the NIC Gigascope automatically splits queries into an LFTA and an HFTA

6 Query Splitting Select timebucket, sourceIP, destIP,
source_port,dest_port, SUM(length) From TCP Where protocol=6 and (source_port=80 or dest_port=80) Group by time/5 as timebucket, sourceIP, destIP, source_port,dest_port LFTA query: DEFINE{ query_name _fta_trafficcnt } Select timebucket, sourceIP, destIP, source_port,dest_port, SUM(length) From TCP Where protocol=6 and (source_port=80 or dest_port=80) Group by time/5 as timebucket, sourceIP, destIP, source_port,dest_port HFTA query: Select timebucket, sourceIP, destIP, source_port,dest_port, SUM(SUM_length) From _fta_trafficcnt Group by timebucket, sourceIP, destIP, source_port,dest_port

7 Performance Goal : Simple and rapid application development while increasing performance. Experiment : measure packet loss rate with different levels of traffic Gigabit Ethernet network 2% loss rate is acceptable Application : measure the volume of HTTP1.0 and HTTP1.1 traffic using port 80 Four approaches Dump all data to disk Monitor network using libpcap, but do no processing Gigascope using libpcap Gigascope running queries on the Gigabit Ethernet NIC

8

Download ppt "Gigascope A stream database for network monitoring"

Similar presentations

21 Sep 2005LCG's R-GMA Applications R-GMA and LCG Steve Fisher & Antony Wilson.

21 Sep 2005LCG's R-GMA Applications R-GMA and LCG Steve Fisher & Antony Wilson.
Connecting to Databases. relational databases tables and relations accessed using SQL database -specific functionality –transaction processing commit.

Connecting to Databases. relational databases tables and relations accessed using SQL database -specific functionality –transaction processing commit.
IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card.

IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card.
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Enabling Real Time Data Analysis.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Enabling Real Time Data Analysis.
Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.
Ns-2 tutorial Karthik Sadasivam Banuprasad Samudrala CSCI 5931 Network Security Instructor : Dr. T. Andrew Yang.

Ns-2 tutorial Karthik Sadasivam Banuprasad Samudrala CSCI 5931 Network Security Instructor : Dr. T. Andrew Yang.
Module 8: Concepts of a Network Load Balancing Cluster

Module 8: Concepts of a Network Load Balancing Cluster
Engine Design: Stream Operators Everywhere Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk.

Engine Design: Stream Operators Everywhere Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
How to Build a Stream Database Theodore Johnson AT&T Labs - Research.

How to Build a Stream Database Theodore Johnson AT&T Labs - Research.
A Heartbeat Mechanism and its Application in Gigascope Johnson, Muthukrishnan, Shkapenyuk, Spatscheck Presented by: Joseph Frate and John Russo.

A Heartbeat Mechanism and its Application in Gigascope Johnson, Muthukrishnan, Shkapenyuk, Spatscheck Presented by: Joseph Frate and John Russo.
Information Networking Security and Assurance Lab National Chung Cheng University Snort.

Information Networking Security and Assurance Lab National Chung Cheng University Snort.
Applications : Network Monitoring Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk Oliver.

Applications : Network Monitoring Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk Oliver.
© 2006, The Technology Firm WWW.THETECHFIRM.COM Ethereal The Technology Firm.

© 2006, The Technology Firm Ethereal The Technology Firm.
NETWORK CENTRIC COMPUTING (With included EMBEDDED SYSTEMS)

NETWORK CENTRIC COMPUTING (With included EMBEDDED SYSTEMS)
Introduction to USB Development. USB Development Introduction Technical Overview USB in Embedded Systems Recent Developments Extensions to USB USB as.

Introduction to USB Development. USB Development Introduction Technical Overview USB in Embedded Systems Recent Developments Extensions to USB USB as.
HyperTransport™ Technology I/O Link Presentation by Mike Jonas.

HyperTransport™ Technology I/O Link Presentation by Mike Jonas.
Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.

Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.
SensIT PI Meeting, January 15-17, 2002 1 Self-Organizing Sensor Networks: Efficient Distributed Mechanisms Alvin S. Lim Computer Science and Software Engineering.

SensIT PI Meeting, January 15-17, Self-Organizing Sensor Networks: Efficient Distributed Mechanisms Alvin S. Lim Computer Science and Software Engineering.
LiNK: An Operating System Architecture for Network Processors Steve Muir, Jonathan Smith Princeton University, University of Pennsylvania

LiNK: An Operating System Architecture for Network Processors Steve Muir, Jonathan Smith Princeton University, University of Pennsylvania

Similar presentations

Ads by Google