SPB Improvements and Network Analytics for ML


1 SPB Improvements and Network Analytics for ML
Jorge Arasanz

2 Network Evolution
- PDH -> SDH -> Ethernet/IP
- Ethernet/IP knowledge is basic
- Both CAPEX and OPEX optimized
- Modern O&M: DevOps, IEC-61850 SCADA
- Transition to Ethernet/IP – IoT (IEC-104, Modbus)
- Open platforms for low-cost tailored solutions
- Protocols improving: low latency, multipath, multicast, etc.
- Security: widely known, MORE RISK: need to CONTROL and ISOLATE

3 SPB: One STANDARD to rule them all – IEEE 802.1aq
- SPBM: ISIS learning; optimized, always shortest path
- Topology: mesh, partial… no matter
- 16M iSIDs
- Native service auto-provision and auto-discovery (ISIS)
- MAC containment
- NO LOOPS by definition
- Some 100 ms for 1000 nodes
- BUM traffic tunneled by the NETWORK
- Transparent transport: L2 (ELAN/VPLS) and L3 (IP-VPN) services
- NO traffic tromboning when topology changes
- IEEE 802.1aq, RFC 6329

4 Service Defined Network – Enhancements to Shortest Path Bridging - 2019
- Feature parity over services
  - VRRP over SPB
  - PIM over SPB
  - IPv6 L3VPN
  - DHCP Relay over SPB
  - UDP Relay over SPB
- Improved manageability and convergence
  - Inband management for SPB nodes
  - Hardware based flooding
  - SPB over point-to-multipoint links
- SPB inline routing
  - Inline routing using bandwidth from front-panel ports
  - Inline routing using bandwidth from a dedicated internal port
  - Inline routing using native single-pass processing
- Multicast scalability over SPB
  - PIM message packing
  - Anycast RP – redundancy and load sharing
  - Scalability of multicast flows
  - Massive video surveillance

5 Inband management of SPB nodes
8.5 R4
Prior to 8.5R4, the SPB domain and the VLAN domain were managed as separate networks. To manage BEBs and BCBs, one of two methods was used:
- An overlay management VLAN, separate from the SPB BVLANs, running STP.
- An external loopback cable to enable routing over the SPB domain.
Starting with 8.5R4, management IP access to SPB BEBs and BCBs is supported: configure an IP interface on the control BVLAN. ISIS-SPB provides the MAC-to-IP mapping, so there are no ARPs on BVLANs.
AOS configuration:
spb bvlan admin-state enable
spb isis control-bvlan 4000
ip interface "spb-mgmt" address /24 vlan 4000

6 VRRP over SPB
8.5 R2
VRRP is now configured on an IP interface instead of on a VLAN, which provides a common way of enabling VRRP on both VLANs and SPB services.
[vrf <vrfName>] [ip | ipv6] vrrp <virtual-router-id> interface <ip_ifName>
[vrf <vrfName>] show [ip | ipv6] vrrp [<virtual-router-id> interface <ip_ifName>]
All platforms.

7 SPB fast convergence: HW LSP forwarding
8.5 R4, Mar 2019
Goal: improve the fast convergence of an SPB network in response to a topology update caused by a link failure. SPB ISIS LSP flooding still interoperates with earlier AOS releases and with other vendors' SPB nodes that may not support this feature. Link failures are forwarded and trapped instantly to all nodes in the network instead of waiting for each node to process the update and then forward it. This operation expedites the SPF calculation in response to the topology change; using this method, convergence is achieved in under 100 ms.
spb isis rapid-lsp-converge {[admin-state <enable> | <disable>] | [isid <isid_num>]}
Defaults: admin-state = enable; isid_num = 0xFFFF01, the reserved default on all AOS platforms. Range: up to 0xffffff.
How? Via a reserved ISID in tandem mode associated with the control BVLAN. Each link multicast address is associated with an MC index and programmed in the hardware. When an LSP update is triggered by a topology-altering event on this node (such as LINK_DOWN), an SPB ISIS LSP frame is generated with a modified Ethernet header: the DA MAC address is replaced with the multicast S,G address derived from the system info and the reserved ISID of this local node. The frame is then sent out on the MC index reserved for this source-based multicast address.
The multicast LSP frame is received on all SPB nodes. Each node copies the frame to the local CPU and forwards it downstream if there are downstream nodes in the distribution list. The local CPU hands the multicast LSP frame to the SPB ISIS protocol, which determines that the frame is of type LSP and that it arrived as a multicast frame (normal LSP frames are unicast frames exchanged between adjacencies). The S,G multicast address in the Ethernet header is inspected to check whether its ISID portion matches the configured reserved ISID.
At this point the frame is known to be a special LSP update sent in response to a topology change at a remote SPB node; the LSP ID in the frame identifies the node where the change occurred. The frame is enqueued to the SPF queue and the SPF run is expedited without waiting for the SPF timers to kick in. This leads to an immediate SPF computation and update of the control and data plane for the BMAC address and services associated with this LSP-ID. The process is repeated on all SPB nodes throughout the network; the result is rapid convergence of the SPB ISIS protocol.
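As an added example (not from the deck and not AOS code) of the receive-side check just described, the Python below builds a node's S,G multicast DA for the reserved ISID and classifies an incoming frame by it. It assumes the IEEE 802.1aq SPBM group-address layout (high nibble of the 20-bit SPSourceID above the U/L and I/G bits in octet 0, the low 16 bits of the SPSourceID in octets 1-2, the 24-bit I-SID in octets 3-5) and that the SPSourceID is the low 20 bits of the System ID, which matches the slide 15 show output (SystemId e8e7.32f6.12fb, SrcId 0x612fb); the frame bytes are constructed.

```python
import struct

RESERVED_ISID = 0xFFFF01   # AOS default for spb isis rapid-lsp-converge (from the slide)
CONTROL_BVLAN = 4000       # control BVLAN used throughout the deck

def src_id_from_system_id(system_id):
    """SPSourceID = low 20 bits of the 48-bit IS-IS System ID ('e8e7.32f6.12fb' -> 0x612fb)."""
    return int(system_id.replace(".", ""), 16) & 0xFFFFF

def spbm_group_mac(system_id, isid):
    """Build the S,G multicast DA: SPSourceID nibble|U/L|I/G, SPSourceID low 16 bits, 24-bit I-SID."""
    src = src_id_from_system_id(system_id)
    first = ((src >> 16) << 4) | 0x03       # high nibble of SPSourceID above the U/L and I/G bits
    return bytes([first, (src >> 8) & 0xFF, src & 0xFF]) + isid.to_bytes(3, "big")

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_isis_frame(da, sa, bvlan, payload):
    """Constructed frame: DA, SA, 802.1Q tag on the BVLAN, length, LLC 0xFEFE03 (IS-IS), payload."""
    llc = b"\xfe\xfe\x03" + payload
    return da + sa + struct.pack("!HHH", 0x8100, bvlan & 0x0FFF, len(llc)) + llc

def classify_rapid_lsp(frame, reserved_isid=RESERVED_ISID):
    """Receive-side check from the slide: return the originating SPSourceID if the DA is
    the reserved-ISID group address of some node, None for ordinary (unicast) LSPs or
    for multicast frames that belong to a regular service I-SID."""
    da = frame[:6]
    if not da[0] & 0x01:                    # I/G clear: a normal adjacency LSP
        return None
    if int.from_bytes(da[3:6], "big") != reserved_isid:
        return None                         # some service's BUM traffic, not a rapid LSP
    return ((da[0] >> 4) << 16) | (da[1] << 8) | da[2]

if __name__ == "__main__":
    node = "e8e7.32f6.12fb"                 # OS6860-1 from the show output on slide 15
    sa = bytes.fromhex("e8e732f612fb")      # constructed: BMAC taken equal to the System ID
    da = spbm_group_mac(node, RESERVED_ISID)
    frame = build_isis_frame(da, sa, CONTROL_BVLAN, b"\x83\x1b\x01\x00\x12")  # constructed IS-IS header stub
    print(mac_str(da))                      # 63:12:fb:ff:ff:01
    print(hex(classify_rapid_lsp(frame)))   # 0x612fb -> originated at OS6860-1
```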

8 Comparison of LSP propagation
Fig 1: Hop-by-hop LSP propagation (Switch 1 … Switch 6).
Fig 2: Transmit a special LSP in a reserved ISID domain (ISID 0xffff01) to all SPB nodes: a multicast LSP frame is sent from Switch 1, and another from Switch 2.

9 High Level – Legacy InterDomain Routing
(diagram) SPB domain and 1Q VLAN domain: vlan 1000 <-> isid 1000, vlan 2000 <-> isid 2000.

10 Inline Routing: native single-pass
(diagram: CE device, SPB network link, SPBM backbone) Configuration:
service access port 1/1/1
service 1 sap port 1/1/1:0
spb interface port 1/1/48
spb bvlan 4000
spb isis control-bvlan 4000
service spb 1 isid 1000 bvlan 4000
service spb 2 isid 2000 bvlan 4000
ip interface ipvpn1 address /24 service 1
ip interface ipvpn2 address /24 service 2

11 High Level – InterDomain Routing
(diagram) AOS8 VRF or GRT routing between isid 1000 and isid 2000.

12 Automated Containment of IoT Enabled networks
Secure onboarding of IoT devices automatically (OmniVista signature profiling service with endpoint inventory and local cache; OS6465/OS6560/OS6865 switches with UNP):
- Identify the newly connected IoT device using the device signatures DB (manufacturer, signature, device type, e.g. temperature sensor, pressure sensor).
- Classify the device into the profile returned by the signature profiler (e.g. Manufacturing profile for manufacturing IoT devices, a Security profile for security IoT devices).
(diagram sites: Steel Plant 1, Steel Plant 2, Admin Office, Engineering Lab, Sales Office, Restaurant)

13 Industrial and Utilities Networks under threat
With the increased use of mobile devices, BYOD and IoT, the need for security is becoming more relevant. Cyber attacks are increasing both in volume and in the cost of recovering from them. Recently, the San Francisco Municipal Transportation Agency (SFMTA) was hit by ransomware that took more than 2100 ticketing machines, workstations and computers out of order. The transportation authority was fortunately able to recover its network without paying the $73,000 ransom, but its estimated loss in fares was more than $500K per day over the US Thanksgiving weekend, a significant loss.

14 Securing the SPB access (IoT, etc.)
Three ways the SAP and its SPB service (example: SCADA, isid 2, UNP_SCADA) are created DYNAMICALLY on access port 1/1/1:
1. AAA: the user or device is authenticated using 802.1X or MAC (user/password or MAC). AAA returns the UNP name (UNP_SCADA), and the SAP and the SPB service (isid 2) are created dynamically.
2. Classification rules: port and MAC must match (e.g. Port=1/1/1, MAC=00:11:22:33:44:55 -> UNP_SCADA, isid=2). If they match, AOS applies the UNP and dynamically creates the SAP and the SPB service. No external AAA is needed.
3. Default UNP on the port (Default_UNP: UNP_SCADA, isid=2): when there is NO AAA, or a bad response from AAA, and NO classification match, the default UNP is applied and the SAP and SPB service are created dynamically.

15 Securing SPB Access: Classification Rules
OS6860-1> show service spb
Legend: * denotes a dynamic object
SPB Service Info
SystemId : e8e7.32f6.12fb, SrcId : 0x612fb, SystemName : OS6860-1
                                 SAP    Bind   MCast
ServiceId  Adm  Oper  Stats  Count  Count  Isid  BVlan  Mode (T/R)
32770*     Up   Up    N                                 Tandem (1/1)
Total Services: 1

OS6860-1> show mac-learning domain spb isid 1000
Legend: Mac Address: * = address not valid,
        Mac Address: & = duplicate static address,
Domain  Vlan/SrvcId[ISId/vnId]  Mac Address      Type     Operation  Interface
SPB     :                       :50:56:be:43:b   dynamic  servicing  sap:1/1/1
SPB     :                       :50:56:be:e6:    dynamic  servicing  sdp:32785:32770
Total number of Valid MAC addresses above = 2

16 OV - SPB TOPOLOGY

17 Analytics for ML

18 Architecture
(architecture diagram) OV tenant VMs and OV global feed the OV Analytics Engine. Components shown: public APIs, developer portal, load balancer, MQTT brokers, Kafka Connect + MQTT analytics, time series database, micro-services, WarpScript, geofencing, notifications, hourly and daily analytics, heatmaps, and a location engine (RSSI autocal, fingerprinting) producing WGS84 positions. AOS8 reports BLE + WiFi RSSI data; MQTT carries config updates (floors, users, AP groups, AP/GW config). UI: map & positions, analytics widgets, heatmaps; login via SSO.

19 ML - First Steps
Gather rich datasets (currently LAB and specific customers) – Analytics. What to measure? A single 48-port switch may report m measurements with hundreds of features n:
$$X = \begin{pmatrix} X_1^{(1)} & X_1^{(2)} & \cdots & X_1^{(n)} \\ \vdots & \ddots & \vdots \\ X_m^{(1)} & X_m^{(2)} & \cdots & X_m^{(n)} \end{pmatrix} \quad (m \times n)$$
Phenomenological issues… What to measure? What is an anomaly? Correlations between features? And between samples? Candidate features: CPU load, tasks running, memory, SPT-TCN, port status (On/Off)???

20 Anomaly Detection: traditional approach vs ML approach
ML approaches can be easier and faster, especially with large (m x n), while still providing fair accuracy.
Supervised vs unsupervised learning: it is difficult or nearly impossible to label measurements, so unsupervised learning could be better suited to MLaaS (each customer's network will be different).
Trying: multivariate normal distribution, K-means clustering, STL decomposition (trend, seasonality and residual), … Neural networks (MLP) are under analysis.
Current ML mantra: "The key is the dataset".

21 Anomaly Detection
(table) Columns: port1, port2, port3, …, portN (ON/OFF), CPU, RAM, #Tasks, #TCN, SPB-ISIS. Sample values as extracted: 33 70 287 6 2 40 290 31 67 276 90 75 286 7.

22 Anomaly Detection
(same table as slide 21) Stochastic? Correlated between them? Correlated with CPU/RAM/#Tasks? Correlated with #TCN…?
Port status ON/OFF: 2^60 ≈ 10^18 combinations. Feature reduction from 60 status features to 1 single feature.

23 Anomaly Detection: STL Decomposition
(same table as slide 21, with STL decomposition applied to the time series)
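As an added example (not from the deck) tying together the feature reduction on slide 22 and the multivariate normal model named on slide 20: constructed telemetry samples are reduced to three features (ports ON, CPU, #TCN), a Gaussian is fitted on a quiet-network training set, and a sample is flagged when its squared Mahalanobis distance exceeds a chi-square-style threshold. All sample values and the 16-port size are constructed; it is pure Python with no numpy.

```python
def ports(n_up, total=16):
    """Constructed per-port status vector: n_up ports ON, the rest OFF."""
    return ["ON"] * n_up + ["OFF"] * (total - n_up)

def featurize(status, cpu, tcn):
    """Collapse the 2^N ON/OFF port combinations into one feature (ports ON); keep CPU and #TCN."""
    return [float(status.count("ON")), float(cpu), float(tcn)]

def invert(m):
    """Gauss-Jordan inverse with partial pivoting (pure Python, small matrices only)."""
    n = len(m)
    a = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(a[r][c]))
        a[c], a[p] = a[p], a[c]
        piv = a[c][c]
        a[c] = [v / piv for v in a[c]]
        for r in range(n):
            if r != c:
                f = a[r][c]
                a[r] = [rv - f * cv for rv, cv in zip(a[r], a[c])]
    return [row[n:] for row in a]

def fit(samples, ridge=1e-6):
    """Mean vector and inverse covariance of the m x n training matrix X (divisor m)."""
    m, n = len(samples), len(samples[0])
    mean = [sum(s[j] for s in samples) / m for j in range(n)]
    cov = [[sum((s[i] - mean[i]) * (s[j] - mean[j]) for s in samples) / m
            + (ridge if i == j else 0.0) for j in range(n)] for i in range(n)]
    return mean, invert(cov)                # ridge keeps cov invertible on tiny datasets

def mahalanobis2(x, mean, inv):
    """Squared Mahalanobis distance, i.e. the exponent of the multivariate normal density."""
    d = [xi - mi for xi, mi in zip(x, mean)]
    return sum(d[i] * inv[i][j] * d[j] for i in range(len(d)) for j in range(len(d)))

# Constructed "normal" training samples: (ports ON, CPU %, #TCN) for a quiet network.
TRAINING = [featurize(ports(u), c, t) for u, c, t in
            [(12, 33, 6), (12, 35, 7), (11, 31, 6), (12, 34, 5), (11, 33, 7),
             (12, 32, 6), (12, 36, 8), (11, 30, 5), (12, 33, 6), (12, 34, 7)]]
MEAN, INV = fit(TRAINING)

def is_anomaly(status, cpu, tcn, threshold=16.0):
    """Flag samples whose distance exceeds the cutoff (chi-square, 3 features, p ~ 0.001)."""
    return mahalanobis2(featurize(status, cpu, tcn), MEAN, INV) > threshold

if __name__ == "__main__":
    print(is_anomaly(ports(12), 34, 6))    # steady state: False
    print(is_anomaly(ports(4), 90, 75))    # links down, CPU busy, TCN burst: True
```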

24 Summary
Managing ML on time series for anomaly detection in networks is a work in progress. In our initial work, a GOOD DATASET seems to be more important than the algorithm (NN still pending) – very few features used. Our aim is NOT ONLY to detect anomalies, but to be able to "rewind" and see the "events" that led to the anomaly.

25 THANK YOU VERY MUCH
www.al-enterprise.com
And follow us on:
Twitter.com/ALUEnterprise
Facebook.com/ALUEnterprise
Youtube.com/user/enterpriseALU
Linkedin.com/company/alcatellucententerprise
Slideshare.net/Alcatel-Lucent_Enterprise

