Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vytautas Krakauskas LITNET CERT Swedbank SIRT

Published byBrad Ratchford Modified over 10 years ago

Similar presentations

Presentation on theme: "Vytautas Krakauskas LITNET CERT Swedbank SIRT"— Presentation transcript:

1 Vytautas Krakauskas LITNET CERT Swedbank SIRT
Nfsen + Hadoop Vytautas Krakauskas LITNET CERT Swedbank SIRT

2 Problems Limited storage capacity Large data set processing time

3 Storage capacity Steadily increasing network traffic
Up to six months of history for incident handling I/O is the major bottleneck

4 Processing time Currently no SMP support in nfdump
Important if I/O bottleneck is resolved

5 Processing with Nfdump

6 Distributed processing

7 The idea Distribute nfcap files between multiple nodes
Process the files using nfdump Combine the output and return to nfsen Nfsen and nfdump usage should feel the same

8 1. File distribution nfcapd stores files on a temporary file system
due to "random" write of stat header copy to HDFS at the end of each interval bonus: limited backup while system is being tested Redundant copies on multiple nodes higher redundancy for faster processing and better reliability lower redundancy for larger storage capacity

9 Modified architecture

10 2. Processing Process using nfdump
I/O through stdin/stdout Each node works only with locally stored files Currently based on the first block Aggregate when possible based on: stats type, aggregation options, filters Copy the results back to the HDFS for the combiner

11 3. Combining Combine the results as a single stream
a custom tool (nfcat) some information is lost (e.g. ident) nfdump does the final processing single instance (a bottleneck) Displays the results

12 Modified architecture

13 Comparison Limited to nfdump Original Distributed
Additional delays when using nfsen Original single nfdump instance files on a local file system Distributed Two nodes processes per node: 2 HDFS replication factor: 2

14 Comparison Top10 IPs, ordered by flows 1-18 files (5-90 minute period)
Filter “proto icmp”

15 Comparison

16 Conclusions Overhead has a significant impact for short periods
Initialization Job scheduling Combining and re-processing Limited speed gains due to aggregation Filtering is essential for achieving good speed gains Still needs some issues to be addressed

17 Thank you!

18 Patches (nfdist branch)
The code Patches (nfdist branch)

19 Comparison: bad case

Download ppt "Vytautas Krakauskas LITNET CERT Swedbank SIRT"

Similar presentations

MapReduce Online Tyson Condie UC Berkeley Slides by Kaixiang MO

MapReduce Online Tyson Condie UC Berkeley Slides by Kaixiang MO
 Open source software framework designed for storage and processing of large scale data on clusters of commodity hardware  Created by Doug Cutting and.

 Open source software framework designed for storage and processing of large scale data on clusters of commodity hardware  Created by Doug Cutting and.
SDN + Storage.

SDN + Storage.
1 IK1500 Communication Systems IK1330 Lecture 3: Networking Anders Västberg 08-790 44 55.

1 IK1500 Communication Systems IK1330 Lecture 3: Networking Anders Västberg
Project presentation by Mário Almeida Implementation of Distributed Systems KTH 1.

Project presentation by Mário Almeida Implementation of Distributed Systems KTH 1.
MapReduce Online Created by: Rajesh Gadipuuri Modified by: Ying Lu.

MapReduce Online Created by: Rajesh Gadipuuri Modified by: Ying Lu.
EHarmony in Cloud Subtitle Brian Ko. eHarmony Online subscription-based matchmaking service Available in United States, Canada, Australia and United Kingdom.

EHarmony in Cloud Subtitle Brian Ko. eHarmony Online subscription-based matchmaking service Available in United States, Canada, Australia and United Kingdom.
Lava: A Reality Check of Network Coding in Peer-to-Peer Live Streaming Mea Wang, Baochun Li Department of Electrical and Computer Engineering University.

Lava: A Reality Check of Network Coding in Peer-to-Peer Live Streaming Mea Wang, Baochun Li Department of Electrical and Computer Engineering University.
Network Traffic Analysis using HADOOP Architecture Shan Zeng HEPiX, Beijing 17 Oct 2012.

Network Traffic Analysis using HADOOP Architecture Shan Zeng HEPiX, Beijing 17 Oct 2012.
RAID Redundant Arrays of Inexpensive Disks –Using lots of disk drives improves: Performance Reliability –Alternative: Specialized, high-performance hardware.

RAID Redundant Arrays of Inexpensive Disks –Using lots of disk drives improves: Performance Reliability –Alternative: Specialized, high-performance hardware.
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.

REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
Spark: Cluster Computing with Working Sets

Spark: Cluster Computing with Working Sets
Clydesdale: Structured Data Processing on MapReduce Jackie.

Clydesdale: Structured Data Processing on MapReduce Jackie.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.

Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
Lecture 3: A Case for RAID (Part 1) Prof. Shahram Ghandeharizadeh Computer Science Department University of Southern California.

Lecture 3: A Case for RAID (Part 1) Prof. Shahram Ghandeharizadeh Computer Science Department University of Southern California.
Efficient replica maintenance for distributed storage systems Byung-Gon Chun, Frank Dabek, Andreas Haeberlen, Emil Sit, Hakim Weatherspoon, M. Frans Kaashoek,

Efficient replica maintenance for distributed storage systems Byung-Gon Chun, Frank Dabek, Andreas Haeberlen, Emil Sit, Hakim Weatherspoon, M. Frans Kaashoek,
Copyright © 2012 Cleversafe, Inc. All rights reserved. 1 Combining the Power of Hadoop with Object-Based Dispersed Storage.

Copyright © 2012 Cleversafe, Inc. All rights reserved. 1 Combining the Power of Hadoop with Object-Based Dispersed Storage.
Advanced Topics: MapReduce ECE 454 Computer Systems Programming Topics: Reductions Implemented in Distributed Frameworks Distributed Key-Value Stores Hadoop.

Advanced Topics: MapReduce ECE 454 Computer Systems Programming Topics: Reductions Implemented in Distributed Frameworks Distributed Key-Value Stores Hadoop.
Data Mining on the Web via Cloud Computing COMS E6125 Web Enhanced Information Management Presented By Hemanth Murthy.

Data Mining on the Web via Cloud Computing COMS E6125 Web Enhanced Information Management Presented By Hemanth Murthy.
A Brief Overview by Aditya Dutt March 18 th ’ 2014 1Aditya Inc.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.

Similar presentations

Ads by Google