Presentation is loading. Please wait.

Presentation is loading. Please wait.

Configuring, Diagnosing, and Securing Data Center Networks and Systems Yan Chen Lab for Internet and Security Technology (LIST) Department of Electrical.

Published byRaymond Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "Configuring, Diagnosing, and Securing Data Center Networks and Systems Yan Chen Lab for Internet and Security Technology (LIST) Department of Electrical."— Presentation transcript:

1 Configuring, Diagnosing, and Securing Data Center Networks and Systems Yan Chen Lab for Internet and Security Technology (LIST) Department of Electrical Engineering and Computer Science Northwestern University

2 Chicago 2

3 Northwestern 3

4 4

5 Statistics Chicago: 3 rd largest city in US NU: ranked #12 by US News & World Report –Established in 1851 –~8000 undergrads McCormick School of Engineering: ranked #20 –180 faculty members – ~1400 undergrads and similar # of grad students 5

6 Statistics of McCormick National academy memberships: –National Academy of Engineering (NAE): 12 active, 7 emeriti –National Academy of Science (NAS): 3 active –Institute of Medicine (IoM): 1 emeritus –American Academy of Arts and Sciences (AAAS): 5 active, 3 emeriti –National Medal of Technology: 1 active 6

7 Emerging Data Centers Huge scale networks and server farms Multi-tier distributed services How to configure the DC networks? How to diagnose cloud services in DC? How to defend DC networks and systems? 7

8 Our Solutions How to configure the DC networks? –Generic and Automatic Address Configuration for Data Center Networks (DAC) [SIGCOMM 10], also selected as one of three best papers for fast track to ACM/IEEE ToN. How to diagnose cloud services in DC? –Rake: Semantics Assisted Network-based Tracing and Diagnosis (IWQoS 2011) How to defend DC networks and systems? –NetShield: High Speed and Accurate Network- based IPS [SIGCOMM 10] –WebShield: Defending Web Attacks [NDSS11] 8

9 RAKE: SEMANTICS ASSISTED NETWORK-BASED TRACING FRAMEWORK 9

10 10 Motivation Large distributed systems involve thousands of or even 100s of thousands of nodes –E.g. search system, CDN Host-based monitoring cannot infer the performance or detect bugs –Hard to translate OS-level info (such as CPU load) into application performance –App log may not be enough –Hard to collect all the logs Task-based approach adopted in many diagnosis systems –WAP5, Magpie, Sherlock

11 11 Task-based Approaches The Critical Problem – Message Linking –Link the messages in a task together into a path or tree

12 12 Example of Message Linking in Search System URL Search keyword URL Search keyword Doc ID

13 13 Task-based Approaches The Critical Problem – Message Linking –Link the messages in a task together into a path or tree Challenges –Accuracy –Non-invasiveness –Scalability to large computing platforms –Applicability to a large number of applications

14 14 Existing Approaches Black-box approaches –Do not need to instrument the application or to understand its internal structure or semantics –Time correlation to link messages Project 5, WAP5, Sherlock –Rely on time Correlation –Accuracy affected by cross traffic

15 15 Existing Approaches White-box approaches –Extracts application-level data and requires instrumenting the application and possibly understanding the application's source codes –Insert a unique ID into messages in a task X-Trace, Pinpoint –Invasive due to source code modification

16 16 Related Work Non-InvasiveInvasive Network Sniffing Interpo- sition App or OS Logs Source code modification Black-box Project 5, Sherlock WAP5Footprint Grey-boxRakeMagpie White-box X-Trace, Pinpoint Invasiveness Application Knowledge

17 17 Rake Key Observations –Generally no unique ID linking the messages associated with the same request –Exist polymorphic IDs in different stages of the request Semantic Assisted –Use the semantics of the system to identify polymorphic IDs and link messages

18 18 Message Linking Example URL Search keyword URL Search keyword Doc ID

19 19 Architecture of Rake

20 20 Questions on Semantics What Are the Necessary Semantics? –Use data flow analysis to automatically extract the invariants (and its transformation) How Does Rake Use the Semantics? –Naïve design is to implement Rake for each application with specific application semantics How Efficient Is the Rake with Semantics –Can message linking be accurate? –What’s the computational complexity of Rake?

21 21 Utilize Semantics in Rake Implement Different Rakes for Different Application is time consuming –Lesson learnt for implementing two versions of Rake for CoralCDN and IRC Design Rake to take general semantics –A unified infrastructure –Provide simple language for user to supply semantics

22 22 Example of Rake Language (IRC) TCP 6667 Regular expression PRIVMSG\s+(.*) Same as Link ID No Return ID P Q R S Link_IDFollow_ID = Query_ID = Response_ID

23 23 Potential Applications Search –Verified by Microsoft collaborator CDN –CoralCDN is studied and evaluated Chat System –IRC is tested Distributed File System –Hadoop DFS is tested

24 24 Accuracy Analysis One-to-one ID Transforming –Examples In search, URL -> Keywords -> Canonical format In CoralCDN, URL -> Sha1 hash value –Ideally no error if requests are distinct Request ambiguousness –Search keywords Microsoft search data Less than 1% messages with duplication in 1s –Web URL Two real http traces Less than 1% messages with duplication in 1s –Chat messages No duplication with timestamps

25 25 Evaluation Application –CoralCDN –Hadoop Experiment –Employ PlanetLab hosts as web clients –Retrieve URLs from real traces with different frequency Metrics –Linking accuracy (false positive, false negative) –Diagnosis ability Compared Approach –WAP5

26 26 CoralCDN Task Tree

27 27 Message Linking Accuracy Use Log-Based Approach to Evaluate WAP5 and Rake Linking in CoralCDN

28 28 Diagnosis Ability Controlled Experiments –Inject junk CPU-intensive processes –Calculated the packet processing time using WAP5 and Rake Obviously Rake can identify the slow machine, while WAP5 fails.

29 29 Conclusions Feasibility/Applicability –Rake works for many popular applications in different categories Easiness –Rake allows user to write semantics via XML –Necessary semantics are easy to obtained given our experience Accuracy –Much more accurate than black-box approaches and probably matches white-box approaches Non-invasiveness

30 30 Q & A? Thanks!

31 31 Backup

32 32 Necessary Semantics Intra-node linking –The system semantics Inter-node link –The protocol semantics Node P Q R S

33 33 Signature Signature to Classify Messages – TCP 6667 – Formats of Signatures –Socket information Protocol, port –Expression for TCP/IP header udp [10]&128==0 –Regular expression –User defined function

34 34 Link_ID and Follow_ID Follow_IDs –The IDs will be in the triggered messages by this message –One message may have multiple Follow_IDs for triggering multiple messages Link_ID –The ID of the current message –Match with Follow_ID previously seen Linking of Link_ID and Follow_ID –Mainly for intra-node message linking

35 35 Query_ID and Response_ID Query_IDs –The communication is in Query/Response style, e.g. RPC call and DNS query/response. –The IDs will be in the response messages to this message Response_ID –The ID of the current message to match Query_ID previously seen –By default requires the query and response to use the same socket Linking of Query_ID and Response_ID –Mainly for inter-node message linking

36 36 Complicated Semantics The process of generating IDs may be complicated –XML or regular expression is not good at complex computations –So let user provide own functions User provide share/dynamic libraries Specify the functions for IDs in XML Implementation using Libtool to load user defined function in runtime

37 37 Example for DNS UDP 53 udp[10] & 128 == 0 User Function dns.so Link_ID Link_ID Link_ID …………………………….. Extract the queried host

38 38 Semantics of Hadoop Get operation

39 39 Semantics of Hadoop Grep operation

40 40 Abused IPC Call in Hadoop It is a problem that we found in Hadoop source code. Four “getFileInfo”s are used here, while only one is enough.

41 41 Running time of Hadoop steps

42 42 Discussion Implementation Experience –How hard for user to provide semantics CoralCDN – 1 week source code study DNS – a couple of hours Hadoop DFS – 1 week source code study Inter-process Communication Encryption –Dynamic library interposition

43 43 Conclusions Feasibility/Applicability –Rake works for many popular applications in different categories Easiness –Rake allows user to write semantics via XML –Necessary semantics are easy to obtained given our experience Accuracy –Much more accurate than black-box approaches and probably matches white-box approaches Non-invasiveness

Download ppt "Configuring, Diagnosing, and Securing Data Center Networks and Systems Yan Chen Lab for Internet and Security Technology (LIST) Department of Electrical."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
NDN in Local Area Networks Junxiao Shi The University of Arizona 2014-09-04 1.

NDN in Local Area Networks Junxiao Shi The University of Arizona
Rake: Semantics Assisted Network- based Tracing Framework Yao Zhao (Bell Labs), Yinzhi Cao, Yan Chen, Ming Zhang (MSR) and Anup Goyal (Yahoo! Inc.) Presenter:

Rake: Semantics Assisted Network- based Tracing Framework Yao Zhao (Bell Labs), Yinzhi Cao, Yan Chen, Ming Zhang (MSR) and Anup Goyal (Yahoo! Inc.) Presenter:
1 Internet Networking and Application Troubleshooting Yao Zhao EECS Department Northwestern University.

1 Internet Networking and Application Troubleshooting Yao Zhao EECS Department Northwestern University.
Look Who’s Talking: Discovering Dependencies between Virtual Machines Using CPU Utilization HotCloud 10 Presented by Xin.

Look Who’s Talking: Discovering Dependencies between Virtual Machines Using CPU Utilization HotCloud 10 Presented by Xin.
ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 8: Application Layer Dr. Nghi Tran.

ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 8: Application Layer Dr. Nghi Tran.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Web Server Administration

Web Server Administration
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.
School of Computer Science and Information Systems

School of Computer Science and Information Systems
Polaris Financial Technologies Welcomes the members of Hyderabad chapter for the 2nd event on 4 th July 14 held by PACE (The Testing Practice)

Polaris Financial Technologies Welcomes the members of Hyderabad chapter for the 2nd event on 4 th July 14 held by PACE (The Testing Practice)
Winter Retreat - 2003 Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer

Winter Retreat Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer
COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.

COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.
Lesson 19 Internet Basics.

Lesson 19 Internet Basics.
 Distributed Software Chapter 18 - Distributed Software1.

 Distributed Software Chapter 18 - Distributed Software1.
Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.

Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Similar presentations

Ads by Google